Attacking Active Directory Authentication:
Before moving further, we must be familiar with Active Directory. For this, please check my previous blog.
It gives a description of AD; if you want to know about the authentication methods, go with this blog.
There are three methods to bypass AD authentication; we will discuss them one by one.
Cached Credentials Storage and Retrieval:
As I already discussed in my previous blog on Kerberos, the organization's hashed credentials are stored on the machine (to regenerate TGT requests) or in LSASS (Local Security Authority Subsystem Service).
So if we can somehow get access to these hashes, we can then try to crack them. Therefore, our initial aim is to get access to these hashes. However, to get anything from LSASS we need at least local admin access.
Here we are going to use "Mimikatz" to extract the hashes from LSASS.
Note: Mimikatz works on previously defined signatures. It can be run from PowerShell or via Task Manager.
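Since the whole technique depends on LSASS holding readable credential material, a defender's first question is whether the host still allows that. The following PowerShell audit is an added example written for this post, not code from the original or from the Mimikatz project; the registry paths and the `Win32_DeviceGuard` CIM class are the standard Windows locations for these settings, and the function name `Test-LsassHardening` is mine. Run it in an elevated PowerShell session on the host being checked.

```powershell
# Added example (not part of the original post): audit the settings that limit
# what can be read out of LSASS memory on a Windows host.
function Test-LsassHardening {
    [CmdletBinding()]
    param()

    # 1. RunAsPPL: LSASS runs as a Protected Process Light, so unsigned tools
    #    cannot open it for read even when running as a local administrator.
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $runAsPpl = (Get-ItemProperty -Path $lsaKey -Name RunAsPPL -ErrorAction SilentlyContinue).RunAsPPL

    # 2. WDigest: when UseLogonCredential is 1, LSASS keeps cleartext passwords
    #    in memory. The value is absent (treated as 0) on Windows 8.1 / 2012 R2
    #    and later unless someone has added it.
    $wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $useLogonCred = (Get-ItemProperty -Path $wdigestKey -Name UseLogonCredential -ErrorAction SilentlyContinue).UseLogonCredential

    # 3. Credential Guard: moves NTLM hashes and Kerberos keys into the
    #    VBS-isolated LsaIso process. SecurityServicesRunning contains 1 when
    #    Credential Guard is active.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
                          -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ErrorAction SilentlyContinue
    $credGuardRunning = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 1)

    [PSCustomObject]@{
        RunAsPPL         = if ($runAsPpl -ge 1) { 'Enabled' } else { 'Disabled' }
        WDigestCleartext = if ($useLogonCred -eq 1) { 'EXPOSED' }
                           elseif ($null -eq $useLogonCred) { 'Not set (OS default)' }
                           else { 'Disabled' }
        CredentialGuard  = if ($credGuardRunning) { 'Running' } else { 'Not running' }
    }
}

# Usage: print the three findings for this host.
Test-LsassHardening | Format-List
```

A host that reports RunAsPPL disabled, WDigest exposed, or Credential Guard not running is one where local admin access is enough for the LSASS extraction described above; enabling those three settings is the corresponding mitigation, and LSASS handle-open events (Sysmon Event ID 10 against lsass.exe) are the usual detection signal for attempts regardless of the tool used.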
a. Basic Approach:
i. First you have to download Mimikatz to the machine; you can find it here