Reconnaissance Phase

1. Full TCP Port Scan on Target Host 2. Service and Version Detection 3. Null Session SMB Enumeration 4. LDAP Anonymous Bind Check 5. Kerberos Username Enumeration 6. Password Brute Force via SMB Login

PreviousActive Directory Attack Lab: Recon-to-Root Next1. Full TCP Port Scan on Target Host