Active Directory Penetration Testing | E ...

Active Directory Penetration Testing | EP4 | TryHackMe Attacktive Directory

Feb 25, 2024

We covered a scenario of Windows active directory penetration testing where we demonstrated basic enumeration using Nmap then performed ASREPRoasting against the Kerberos protocol to list the active users and their tokens. Then we escalated the privileges using the NTDS database.

Challenge Description

99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?

Video Highlights

Basic enumeration starts out with an nmap scan. Nmap is a relatively complex utility that has been refined over the years to detect what ports are open on a device, what services are running, and even detect what operating system is running. It’s important to note that not all services may be deteted correctly and not enumerated to it’s fullest potential. Despite nmap being an overly complex utility, it cannot enumerate everything. Therefore after an initial nmap scan we’ll be using other utilities to help us enumerate the services running on the device.

Room Answers

Room answers can be found here.

Video Walkthrough

Enjoy this post?

Buy Motasem Hamdan / MasterMinds Group a pizza

More from Motasem Hamdan / MasterMinds Group

PrivacyTermsReport