Attack Chain
Follow the chain from initial reconnaissance to full domain compromise. Each phase links to articles and commands.
01 Reconnaissance
Passive & active information gathering before touching the target.
OSINT, Google Dorking, Shodan

02 Enumeration
Map the network, ports, services and AD structure.
Nmap, BloodHound, LDAP

03 Password Attacks
Brute force, spraying, Kerberoasting and hash cracking.
Hashcat, Hydra, Kerberoast

04 Vulnerability Discovery
Find exploitable misconfigurations and CVEs in the environment.
Nessus, Nikto, Nuclei

05 Exploitation
Leverage vulnerabilities to gain initial or elevated access.
Metasploit, Searchsploit, Web Apps

06 Reverse Shells
Establish persistent callbacks from the target to your listener.
Bash, PowerShell, Netcat

07 Post Exploitation
Situational awareness, privilege escalation and persistence.
Mimikatz, WinPEAS, Pass-the-Hash

08 Pivoting
Route traffic through compromised hosts to reach internal segments.
Chisel, SSH Tunneling, Proxychains

09 Data Exfiltration
Extract sensitive data via covert channels and protocols.
DNS, ICMP, HTTP(S)

10 Cleanup
Remove artifacts, clear logs and cover your tracks.
Event Logs, Prefetch, Bash History