diff --git a/tldr/getadusers.py b/tldr/getadusers.py new file mode 100644 index 00000000..9f094bbc --- /dev/null +++ b/tldr/getadusers.py @@ -0,0 +1,26 @@ +--- +syntax: markdown +tags: [tldr, common] +source: https://github.com/tldr-pages/tldr.git +--- +# GetADUsers.py + +> Retrieve a list of users from Active Directory, including attributes like last logon timestamp and email. +> Part of the Impacket suite. +> More information: . + +- Enumerate all Active Directory users and their attributes: + +`GetADUsers.py -all -dc-ip {{domain_controller_ip}} {{domain}}/{{username}}:{{password}}` + +- Retrieve information only for a specific user: + +`GetADUsers.py -user {{user}} -dc-ip {{domain_controller_ip}} {{domain}}/{{username}}:{{password}}` + +- Extract user details using pass-the-hash authentication: + +`GetADUsers.py -all -dc-ip {{domain_controller_ip}} -hashes {{LM_Hash}}:{{NT_Hash}} {{domain}}/{{username}}` + +- Save output to a file: + +`GetADUsers.py -all -dc-ip {{domain_controller_ip}} {{domain}}/{{username}}:{{password}} > output.txt` diff --git a/tldr/getnpusers.py b/tldr/getnpusers.py new file mode 100644 index 00000000..0f6dacd7 --- /dev/null +++ b/tldr/getnpusers.py @@ -0,0 +1,30 @@ +--- +syntax: markdown +tags: [tldr, common] +source: https://github.com/tldr-pages/tldr.git +--- +# GetNPUsers.py + +> Enumerate Active Directory accounts with Kerberos pre-authentication disabled, which may be susceptible to AS-REP roasting attacks. +> Part of the Impacket suite. +> More information: . + +- Enumerate users with Kerberos pre-authentication disabled (default anonymous enumeration): + +`GetNPUsers.py {{domain}}/ -usersfile {{path/to/userslist}} -dc-ip {{domain_controller_ip}}` + +- Perform AS-REP roasting and dump crackable hashes for offline cracking: + +`GetNPUsers.py {{domain}}/ -usersfile {{path/to/userslist}} -dc-ip {{domain_controller_ip}} -request` + +- Authenticate with valid credentials (if anonymous binding is disabled): + +`GetNPUsers.py {{domain}}/{{username}}:{{password}} -usersfile {{path/to/userslist}} -dc-ip {{domain_controller_ip}}` + +- Use pass-the-hash authentication instead of a password: + +`GetNPUsers.py {{domain}}/{{username}} -hashes {{LM_Hash}}:{{NT_Hash}} -usersfile {{path/to/userslist}} -dc-ip {{domain_controller_ip}}` + +- Save the output to a file for further analysis: + +`GetNPUsers.py {{domain}}/ -usersfile {{path/to/userslist}} -dc-ip {{domain_controller_ip}} -request > {{output.txt}}` diff --git a/tldr/impacket-getadusers b/tldr/impacket-getadusers new file mode 100644 index 00000000..bfda54fa --- /dev/null +++ b/tldr/impacket-getadusers @@ -0,0 +1,14 @@ +--- +syntax: markdown +tags: [tldr, common] +source: https://github.com/tldr-pages/tldr.git +--- +# impacket-GetADUsers + +> This command is an alias of `GetADUsers.py`. +> Part of the Impacket suite. +> More information: . + +- View documentation for the original command: + +`tldr GetADUsers.py` diff --git a/tldr/impacket-getnpusers b/tldr/impacket-getnpusers new file mode 100644 index 00000000..a962647a --- /dev/null +++ b/tldr/impacket-getnpusers @@ -0,0 +1,14 @@ +--- +syntax: markdown +tags: [tldr, common] +source: https://github.com/tldr-pages/tldr.git +--- +# impacket-GetNPUsers + +> This command is an alias of `GetNPUsers.py`. +> Part of the Impacket suite. +> More information: . + +- View documentation for the original command: + +`tldr GetNPUsers.py`