From the course: Advanced Pen Testing Techniques for Active Directory
Run a no-preauthentication attack - Active Directory Tutorial
- A service principal name is a unique identifier of a service instance, which is used by Kerberos. It's used as an alias for an Active Directory object, which can be a service account, a user account or a computer object. It lets other Active Directory resources know which services are running under which accounts and creates associations between them in Active Directory. SPNs provide a shortcut for the service to authenticate an account. If service accounts have been created with user SPNs, these can be potentially attacked using the Impacket GetUserSPNs Kerberoasting tool. Let's set up a service account called sendai. We'll select Tools, Active Directory Users and Computers, Users, New User. We'll set up sendai, logon name sendai. And we'll set the password. And we'll set it to never expire. Okay. Creating a user SPN is done using the setspn command-line tool. Setspn -S and the service we're going to…
Contents
- Specific Active Directory attacks (59s)
- Remote extraction of AD hashes (2m 36s)
- Carry out a Kerberos roasting (2m)
- Run a no-preauthentication attack (4m 13s)
- Forge a golden ticket (5m 8s)
- Running a shadow attack (5m 5s)
- Using rubeus to take over the domain (7m 25s)
- Relaying attacks to get a certificate (3m 29s)
- Using smartcards to gain privileged access (6m 49s)
- Set the BloodHound loose (6m 34s)