{"version":1,"pages":[{"id":"-LHt8n5ik7du8YQDHtdc","title":"Introduction","pathname":"/cheatsheet","siteSpaceId":"sitesp_ybR7Y","description":"I gather things here."},{"id":"-LkJkuFVlQ55nvAIkSE8","title":"Active Directory","pathname":"/cheatsheet/internalpentest/active-directory","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"}]},{"id":"-LkJlwTcfQUklUjQkd3I","title":"Reconnaissance","pathname":"/cheatsheet/internalpentest/active-directory/reconnaissance","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"}]},{"id":"-LkJrkQp0hpQLn7f_NB6","title":"Find Domain Name","pathname":"/cheatsheet/internalpentest/active-directory/reconnaissance/find-domain-name","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Reconnaissance"}]},{"id":"-LkJn2cfD21c3sn8P8Ut","title":"Find Domain Controllers","pathname":"/cheatsheet/internalpentest/active-directory/reconnaissance/find-domain-controllers","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Reconnaissance"}]},{"id":"-LkJt8eIuOgeS0gvXHLf","title":"Enumerating Machines","pathname":"/cheatsheet/internalpentest/active-directory/reconnaissance/enumerating-machines","siteSpaceId":"sitesp_ybR7Y","description":"It is important during an internal penetration test to enumerate live machines in order to properly map the perimeter.","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Reconnaissance"}]},{"id":"-LkKCuo_uGrn-JCIBVe_","title":"Enumerating Services","pathname":"/cheatsheet/internalpentest/active-directory/reconnaissance/enumerating-services","siteSpaceId":"sitesp_ybR7Y","description":"We cannot enumerate every port on every machine during an internal assessment (because of the allotted time). 
We have to choose specific ports (SMB, web ports, administrative ports, etc.).","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Reconnaissance"}]},{"id":"-LkJsy-c_Bjw-7KZwauT","title":"DNS Enumeration","pathname":"/cheatsheet/internalpentest/active-directory/reconnaissance/dns-enumeration","siteSpaceId":"sitesp_ybR7Y","description":"DNS enumeration is an important step in mapping the perimeter.","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Reconnaissance"}]},{"id":"-LkKGZfErhvaSR2Tkkf4","title":"Exploitation","pathname":"/cheatsheet/internalpentest/active-directory/exploitation","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"}]},{"id":"-LkKEJ0O5zJUf4NT4fT9","title":"Exploit Without Account","pathname":"/cheatsheet/internalpentest/active-directory/exploitation/exploit-without-account","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Exploitation"}]},{"id":"-LZUdwZ_1TKKHjOk7r9c","title":"SMB Relay","pathname":"/cheatsheet/internalpentest/active-directory/exploitation/exploit-without-account/smb-relay","siteSpaceId":"sitesp_ybR7Y","description":"This page deals with gaining code execution by relaying NTLMv1/2 hashes in a very effective manner.","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Exploitation"},{"label":"Exploit Without Account"}]},{"id":"-LkKFZSx6b6nXTR6dOph","title":"Exploit With Account","pathname":"/cheatsheet/internalpentest/active-directory/exploitation/exploit-with-account","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Exploitation"}]},{"id":"-LYwdj-2Ww0iCkakq2CH","title":"Kerberoast 
Attack","pathname":"/cheatsheet/internalpentest/active-directory/exploitation/exploit-with-account/kerberoast-attack","siteSpaceId":"sitesp_ybR7Y","description":"This page deals with compromising Active Directory with the Kerberoast attack.","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Exploitation"},{"label":"Exploit With Account"}]},{"id":"-LkKI75aPzsivfdwBABv","title":"Post-Exploitation","pathname":"/cheatsheet/internalpentest/active-directory/post-exploitation","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"}]},{"id":"-LkKJ3IgI_0R3RSqSd66","title":"Extracting Credentials","pathname":"/cheatsheet/internalpentest/active-directory/post-exploitation/extracting-credentials","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Post-Exploitation"}]},{"id":"-LHtLPjV6XsS9wTaUheX","title":"Retrieve Windows passwords","pathname":"/cheatsheet/internalpentest/active-directory/post-exploitation/extracting-credentials/windows-clear-text-credentials","siteSpaceId":"sitesp_ybR7Y","description":"This page deals with retrieving Windows clear-text credentials from memory and WDigest.","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Post-Exploitation"},{"label":"Extracting Credentials"}]},{"id":"-LHtdafWKgGt04rx4yW_","title":"Retrieve Windows hashes","pathname":"/cheatsheet/internalpentest/active-directory/post-exploitation/extracting-credentials/retrieve-windows-hashes","siteSpaceId":"sitesp_ybR7Y","description":"This page deals with retrieving Windows hashes (NTLM, NTLMv1/v2, MSCASHv1/v2).","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Post-Exploitation"},{"label":"Extracting Credentials"}]},{"id":"-LkKHv1V-va2TkriJRPs","title":"Maintaining 
Access","pathname":"/cheatsheet/internalpentest/active-directory/post-exploitation/maintening-access","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Post-Exploitation"}]},{"id":"-LkKJCk9vcF4zDuIkZwr","title":"Adding Local Administrator","pathname":"/cheatsheet/internalpentest/active-directory/post-exploitation/maintening-access/adding-local-administrator","siteSpaceId":"sitesp_ybR7Y","description":"Adding a local administrator on a machine is a very effective way to maintain access to a machine.","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Post-Exploitation"},{"label":"Maintaining Access"}]},{"id":"-LkKGBuqgprzv5FN5bn2","title":"Lateral Movement","pathname":"/cheatsheet/internalpentest/active-directory/post-exploitation/lateral-movement","siteSpaceId":"sitesp_ybR7Y","description":"","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Post-Exploitation"}]},{"id":"-LHwoUZLkNLVdCMOowJV","title":"SMB protocol","pathname":"/cheatsheet/internalpentest/active-directory/post-exploitation/lateral-movement/smb-protocol","siteSpaceId":"sitesp_ybR7Y","description":"This page deals with lateral movement using the SMB protocol.","breadcrumbs":[{"label":"Internal Pentest"},{"label":"Active Directory"},{"label":"Post-Exploitation"},{"label":"Lateral Movement"}]}]}