TJ_Null’s OSCP Prep – HTB – Forest

This is an Active Directory machine. After enumerating SMB, it leaks a list of users. I then used impacket-GetNPUsers to look for users without the Kerberos pre-authentication required attribute. There was one user, svc-alfresco, who didn't have Kerberos pre-authentication enabled, and I got a hash. I cracked the hash using John the Ripper, and used Evil-WinRM…