Reconnaissance Phase

1. Full TCP Port Scan on Target Host2. Service and Version Detection3. Null Session SMB Enumeration4. LDAP Anonymous Bind Check5. Kerberos Username Enumeration6. Password Brute Force via SMB Login
PreviousActive Directory Attack Lab: Recon-to-RootNext1. Full TCP Port Scan on Target Host