We covered a scenario of Windows Active Directory penetration testing in which we demonstrated basic enumeration using Nmap, then performed AS-REP Roasting against the Kerberos protocol to list the active users and their tokens. Then we escalated privileges using the NTDS database.
Challenge Description
99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?
Video Highlights
Basic enumeration starts out with an Nmap scan. Nmap is a relatively complex utility that has been refined over the years to detect which ports are open on a device, which services are running, and even which operating system is running. It is important to note that not every service is detected correctly or enumerated to its fullest potential. Despite Nmap's breadth, it cannot enumerate everything. Therefore, after an initial Nmap scan, we will be using other utilities to help us enumerate the services running on the device.
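As an added example (not code from the original video or write-up), the following Python post-processes an Nmap XML report (`-oX`) for a suspected domain controller, labels the open ports by their usual AD role, and flags the ports where Nmap's own service detection was incomplete so they are re-checked with a protocol-specific tool instead of being trusted from the scan alone. The port-to-role table and the sample XML are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Ports a domain controller typically exposes (assumed list, not from the write-up).
DC_SERVICES = {
    53: "DNS", 88: "Kerberos", 135: "MS-RPC", 139: "NetBIOS-SSN", 389: "LDAP",
    445: "SMB", 464: "kpasswd", 636: "LDAPS", 3268: "Global Catalog", 3389: "RDP",
}

# Constructed Nmap XML (-oX) fragment for one host; not real scan output.
SAMPLE_XML = """<nmaprun><host>
  <address addr="10.0.0.5" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="53"><state state="open"/>
      <service name="domain" product="Simple DNS Plus" conf="10"/></port>
    <port protocol="tcp" portid="88"><state state="open"/>
      <service name="kerberos-sec" product="Microsoft Windows Kerberos" conf="10"/></port>
    <port protocol="tcp" portid="445"><state state="open"/>
      <service name="microsoft-ds" conf="3"/></port>
    <port protocol="tcp" portid="5985"><state state="open"/>
      <service name="http" product="Microsoft HTTPAPI httpd" conf="10"/></port>
    <port protocol="tcp" portid="9389"><state state="open"/>
      <service name="adws" conf="3"/></port>
    <port protocol="tcp" portid="135"><state state="filtered"/>
      <service name="msrpc" conf="3"/></port>
  </ports>
</host></nmaprun>"""


def review_scan(xml_text):
    """Map host address -> sorted (port, label, needs_follow_up) for open TCP ports.

    needs_follow_up is True when Nmap gave no product string or only a
    low-confidence guess (conf < 5): these are the ports to re-check with a
    protocol-specific tool, since Nmap alone does not enumerate everything.
    """
    findings = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        rows = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # only open ports carry a service to verify
            num, svc = int(port.get("portid")), port.find("service")
            name = svc.get("name", "?") if svc is not None else "?"
            product = svc.get("product") if svc is not None else None
            conf = int(svc.get("conf", "0")) if svc is not None else 0
            rows.append((num, DC_SERVICES.get(num, name), product is None or conf < 5))
        findings[addr] = sorted(rows)
    return findings
```

Running `review_scan(SAMPLE_XML)` on the constructed report marks 445 (SMB) and 9389 as needing follow-up, while the filtered 135 is left out entirely.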
Room Answers
Room answers can be found here.