Active Directory

Introduction Active Directory (AD) is a directory service developed by Microsoft for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralized domain management. However, Active Directory became an umbrella title for a broad range of directory-related services. A directory is a hierarchical structure that stores information about objects on the network. A directory service, such as Active Directory Domain Services (AD DS), provides the methods for storing directory data and making this data available to network users and administrators....

This machine is classified as Medium difficulty by Micah but may seem hard as it takes tons of enumeration against a domain controller with a webserver running. On the webserver, we will find a documents uploads folder, using its naming convention; we will brute for each and every uploaded document as their meta data contains usernames which eventually leads to getting a default password. We will password spray with the enumerated users and find one valid user....

This box maybe classified as an easy machine but takes prior knowledge to solve, made by egre55 and mrb3n on HackTheBox. We gain our foothold by enumerating RPC where we get usernames, then we will Kerberoast the usernames until we get a Kerberos ticket hash, then crack it and get in as the user. For privilege escalation, we will abuse Access Control List-based permission to add a new user, add the new user to a group that will enable us to get the Administrator hash; we will use Pass-The-Hash and login as Administrator....