🪟Attacktive Directory

99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?

TryHackMe | Attacktive DirectoryTryHackMe

https://tryhackme.com/room/attacktivedirectory

Room Attributes	Value
Subscription Required	False [Free]
Type	Challenges (CTF)
Difficulty	Medium
Tags	Active Directory, AD, Kerberos, SMB

Task 1 Intro Deploy The Machine

The first four questions are part of a mini-walkthrough that cover getting access to the target machine. They all require no answer so just follow the steps to get connected to the VPN, deploy the machine and get hacking!

Task 2 Intro Setup

Install Impacket

Install Impacket

Impacket is a collection of Python classes for working with network protocols. Enter the following commands into your kali linux terminal to add the repo to your /opt/impacket folder and to install with python3:

sudo git clone https://github.com/SecureAuthCorp/impacket.git/opt/impacket

sudo pip3 install -r /opt/impacket/requirements.txt

cd /opt/impacket/

sudo pip3 install .

sudo python3 setup.py install

Install Bloodhound and Neo4j (Optional)

Bloodhound and Neo4j

This section of the THM walkthrough states that the lab uses Bloodhound to attack the Attacktive Directory target machine but since the May 2021 room renovation is no longer does so you can skip this section if you want.

Install Bloodhound and its database dependency neo4j via apt:

apt install bloodhound neo4j

Task 3 Enumeration Welcome to Attacktive Directory

Task 3 - Welcome to Attacktive Directory

Task 4 Enumeration Enumerating Users via Kerberos

Task 4 - Enumerating Users via Kerberos

Task 5 Exploitation Abusing Kerberos

Task 5 - Abusing Kerberos

Task 6 Enumeration Back to the Basics

Task 6 - Back to the Basics

Task 7 Domain Privilege Escalation Elevating Privileges within the Domain

Task 7 - Elevating Privileges within the Domain

Task 8 Flag Submission Flag Submission Panel

Task 8 - Flag Submission Panel