๐Ÿšฉ
THM Walkthroughs
  • THM Walkthroughs
    • ๐Ÿง‘โ€๐ŸซTutorial
  • ๐ŸŸฆDifficulty: Info
    • ๐Ÿ”ŒWhat is Networking?
    • ๐Ÿ”ŒIntro to LAN
    • ๐ŸงLinux Fundamentals
      • ๐ŸงLinux Fundamentals Part 1
        • Task 2 - A Bit of Background on Linux
        • Task 4 - Running Your First few Commands
        • Task 5 - Interacting With the Filesystem!
        • Task 6 - Searching for Files
        • Task 7 - An Introduction to Shell Operators
      • ๐ŸงLinux Fundamentals Part 2
        • Task 3 - Introduction to Flags and Switches
        • Task 4 - Filesystem Interaction Continued
        • Task 5 - Permissions 101
        • Task 6 - Common Directories
      • ๐ŸงLinux Fundamentals Part 3
        • Task 3 - Terminal Text Editors
        • Task 4 - General/Useful Utilities
        • Task 5 - Processes 101
        • Task 6 - Maintaining Your System: Automation
        • Task 8 - Maintaining Your System: Logs
    • ๐ŸชŸWindows Fundamentals
      • ๐ŸชŸWindows Fundamentals 1
      • ๐ŸชŸWindows Fundamentals 2
      • ๐ŸชŸWindows Fundamentals 3
    • ๐Ÿ”“Principles of Security
    • ๐ŸPython Basics
    • ๐Ÿ”History of Malware
    • ๐ŸฆนCommon Attacks
    • ๐Ÿ–ฅ๏ธSecurity Awareness
    • โš”๏ธIntro to Offensive Security
    • ๐ŸฆนPentesting Fundamentals
    • ๐Ÿ”“CVE Walkthroughs
      • ๐Ÿ–ฅ๏ธSudo Security Bypass: CVE-2019-14287
      • ๐Ÿ–ฅ๏ธSudo Buffer Overflow: CVE-2019-18634
      • ๐Ÿ–ฅ๏ธBaron Samedit: CVE-2021-3156
      • ๐Ÿ–ฅ๏ธOverlayFS: CVE-2021-3493
      • ๐Ÿ–ฅ๏ธPolkit: CVE-2021-3560
      • ๐Ÿ–ฅ๏ธPwnkit: CVE-2021-4034
      • ๐ŸชถApache HTTP Server Path Traversal: CVE-2021-41773/42013
      • ๐ŸงปDirty Pipe: CVE-2022-0847
      • ๐ŸŸขSpring4Shell: CVE-2022-22965
    • ๐ŸŸงBurp Suite
      • ๐ŸŸงBurp Suite: The Basics
      • ๐ŸŸงBurp Suite: Repeater
    • ๐ŸChallenges
      • โคด๏ธBypass Disable Functions
    • ๐ŸŽŸ๏ธTHM PROMOs
      • ๐ŸŽŸ๏ธLearn and win prizes [PROMO ENDED]
      • ๐ŸŽŸ๏ธLearn and win prizes #2 [PROMO ENDED]
  • ๐ŸŸฉDifficulty: Easy
    • ๐Ÿš€Learning Cyber Security
    • ๐Ÿ”The Hacker Methodology
    • ๐Ÿ”Google Dorking
      • Task 2 - Let's Learn About Crawlers
      • Task 4 - Beepboop - Robots.txt
      • Task 5 - Sitemaps
      • Task 6 - What is Google Dorking?
    • ๐ŸOWASP Top 10
      • Task 5 - Command Injection Practical
      • Task 7 - Broken Authentication Practical
      • Task 11 - Sensitive Data Exposure (Challenge)
      • Task 13 - XML External Entity - eXtensible Markup Language
      • Task 14 - XML External Entity - DTD
      • Task 16 - XML External Entity - Exploiting
      • Task 18 - Broken Access Control (IDOR Challenge)
      • Task 19 - Security Misconfiguration
      • Task 20 - Cross-site Scripting
      • Task 21 - Insecure Deserialization
      • Task 24 - Insecure Deserialization - Cookies
      • Task 25 - Insecure Deserialization - Cookies Practical
      • Task 30 - Insufficient Logging and Monitoring
    • ๐Ÿ“กNmap
      • Task 2 - Introduction
      • Task 3 - Nmap Switches
      • Task 5 - TCP Connect Scans
      • Task 6 - Scan Types SYN Scans
      • Task 7 - UDP Scans
      • Task 8 - NULL, FIN and Xmas
      • Task 9 - ICMP Network Scanning
      • Task 10 - NSE Scripts Overview
      • Task 11 - Working with the NSE
      • Task 12 - Searching for Scripts
      • Task 13 - Firewall Evasion
      • Task 14 - Practical
    • ๐Ÿ“กRustScan
      • Task 2 - Installing RustScan
      • Task 5 - Extensible
      • Task 7 - Scanning Time!
      • Task 8 - RustScan Quiz
    • ๐Ÿ™Crack the hash
    • ๐ŸŒOhSINT
    • ๐Ÿง‘โ€๐Ÿš€Vulnversity
    • ๐ŸงŠIce
    • ๐ŸชŸBlue
    • ๐ŸŽ„Advent of Cyber 4 (2022)
  • ๐ŸŸจDifficulty: Medium
    • ๐ŸชŸAttacktive Directory
      • Task 3 - Welcome to Attacktive Directory
      • Task 4 - Enumerating Users via Kerberos
      • Task 5 - Abusing Kerberos
      • Task 6 - Back to the Basics
      • Task 7 - Elevating Privileges within the Domain
      • Task 8 - Flag Submission Panel
    • ๐Ÿ’€Mr Robot CTF
    • ๐Ÿ›—Linux PrivEsc
    • ๐Ÿ›—Linux PrivEsc Arena [WIP]
    • ๐Ÿ›—Windows PrivEsc Arena
  • ๐ŸŸงDifficulty: Hard
    • ๐Ÿ˜Hacking Hadoop [WIP]
  • ๐ŸŸฅDifficulty: Insane
    • โ›บYou're in a cave [WIP]
  • Blank Room (Duplicate Me)
Powered by GitBook
On this page
  • Task 1 Intro Deploy The Machine
  • Task 2 Intro Setup
  • Task 3 Enumeration Welcome to Attacktive Directory
  • Task 4 Enumeration Enumerating Users via Kerberos
  • Task 5 Exploitation Abusing Kerberos
  • Task 6 Enumeration Back to the Basics
  • Task 7 Domain Privilege Escalation Elevating Privileges within the Domain
  • Task 8 Flag Submission Flag Submission Panel

๐ŸชŸAttacktive Directory

99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?

PreviousDifficulty: MediumNextTask 3 - Welcome to Attacktive Directory

Last updated 2 years ago

Room AttributesValue

Subscription Required

False [Free]

Type

Challenges (CTF)

Difficulty

Medium

Tags

Active Directory, AD, Kerberos, SMB

Task 1 Intro Deploy The Machine

The first four questions are part of a mini-walkthrough that cover getting access to the target machine. They all require no answer so just follow the steps to get connected to the VPN, deploy the machine and get hacking!

Task 2 Intro Setup

Install Impacket

Impacket is a collection of Python classes for working with network protocols. Enter the following commands into your kali linux terminal to add the repo to your /opt/impacket folder and to install with python3:

sudo git clone https://github.com/SecureAuthCorp/impacket.git/opt/impacket

sudo pip3 install -r /opt/impacket/requirements.txt

cd /opt/impacket/

sudo pip3 install .

sudo python3 setup.py install

Bloodhound and Neo4j

This section of the THM walkthrough states that the lab uses Bloodhound to attack the Attacktive Directory target machine but since the May 2021 room renovation is no longer does so you can skip this section if you want.

Install Bloodhound and its database dependency neo4j via apt:

apt install bloodhound neo4j

Task 3 Enumeration Welcome to Attacktive Directory

Task 3 - Welcome to Attacktive Directory

Task 4 Enumeration Enumerating Users via Kerberos

Task 4 - Enumerating Users via Kerberos

Task 5 Exploitation Abusing Kerberos

Task 5 - Abusing Kerberos

Task 6 Enumeration Back to the Basics

Task 6 - Back to the Basics

Task 7 Domain Privilege Escalation Elevating Privileges within the Domain

Task 7 - Elevating Privileges within the Domain

Task 8 Flag Submission Flag Submission Panel

Task 8 - Flag Submission Panel
LogoTryHackMe | Attacktive DirectoryTryHackMe
https://tryhackme.com/room/attacktivedirectory
Page cover image