In this tutorial, I again enumerated users, groups, memberships, and domain controllers. Then I did port scanning of the domain controller after locating its hostname and its active users. Then we used mimikatz to dump the password hashes of the workstation we compromised. We used PowerShell alongside PowerSploit to accomplish this.

Skills Learned

  • PowerShell
  • Mimikatz
  • PowerSploit

OSCP Certificate Notes

Windows Active Directory Penetration Testing Study Notes

Video Walk-through

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles