Posts tagged: #active directory

How AS-REP roasting lets an unauthenticated attacker pull a crackable krb5asrep hash from accounts with preauth disabled, and how defenders catch it.
Poison LLMNR and NBT-NS with Responder to capture a NetNTLMv2 challenge response, crack it with hashcat mode 5600, and know when to relay instead.
Extract DCC2 hashes from a domain-joined host with secretsdump, crack them with hashcat mode 2100, and understand why MS-Cache v2 is slow by design.
How domain hashes get extracted from NTDS.dit with secretsdump, how to feed the NT hashes to hashcat, map them back to users, and detect a DCSync.
How Kerberoasting actually works, why any domain user can do it, and the exact path from a krb5tgs ticket to a cracked service account password with hashcat.
NTLM is the MD4 of a UTF-16LE password: unsalted, fast, password-equivalent. How it differs from NetNTLMv2, where it lives, and why length is the only defence.
Why an NTLM hash is password-equivalent, how pass-the-hash works with Impacket, NetExec and Mimikatz, and the controls that actually stop lateral movement.