Documentation & Reporting - Skills Assessment

Rapunzel3000 · August 8, 2022, 3:31pm

Anyone here who already went through the AD Environment of “Documentation and Reporting” Module?
I am trying to get organized with the existing documentation and artifacts of the simulated “penetration test” and currently feel a bit overwhelmed how to move forward…

Any hints are much appreciated!

PaoloCMP · August 10, 2022, 1:17pm

Me too. I can’t use any given infos

analytica · August 29, 2022, 10:30pm

Hey there I just completed this module. How can I be of assistance?

DCorn321 · September 1, 2022, 2:12pm

Me too. stuck in the second question.

5n34ky · September 22, 2022, 3:18pm

Someone can help me for the first question? I don’t undestand what I must to do after login in xfree service.

AKozak · December 1, 2022, 12:23am

Can you help me out with this? I’m assuming it should be simple but I honestly have no idea how to move forward

remio · December 5, 2022, 3:06pm

Hello i have the hash but i doesnt want to connect

J4rvis · February 6, 2023, 5:55pm

i know its a bit late, did u find a way?

J4rvis · February 7, 2023, 9:56am

you mean that ADMIN:“hash” ? thank you anyway, will try!

J4rvis · February 12, 2023, 1:06pm

tried a 2nd time on this exercise but still stuck, can somebody dm me with a tip please? i tried PTH but no success

magic · February 15, 2023, 1:31am

Although I’m seeing some comments that the hash is already there for you, I completed this lab with a different approach. Here is some guidance

Read and reread through the findings carefully
Recall that the steps for the lab include “Enumerate and exploit all 13 findings listed and gather evidence for the findings that don’t have any evidence recorded”. Why don’t we start at the top and work our way down? Might need to “dig in further”.
Collect all of the users and passwords you have from the notes
What ways can we collect more users and credentials (hashes included)
Now that we have hashes, lets crack them too
Now it comes down to trying each set of credentials to see which one gets us in the DC
Now we’re in. Having trouble dumping hashes? Find a process that should have all the privileges necessary and try again!

This lab is overwhelming at first because there is alot to look at. Take your time, read through it, see what you have, and see what methods are provided for you to find more.

lmk if you have questions

magic · February 15, 2023, 1:32am

What have you tried so far?

Rapunzel3000 · February 15, 2023, 1:23pm

Very good comment! Leaving the admin hash aside, it is always a good stratefy to come up with a consistent methodology to approach AD targets:

look for anonymous logins → look for usernames (+ ASRep Roastable Users) → look for passwords/ hashes → try credentials across all services (+Kerberoast) → repeat

Also very helpful for this process:
https://wadcoms.github.io/

Gateberg · February 17, 2023, 7:51pm

This assessment is definitely tricky…@magic is right with the process and to start from the top and pick up where the author left off. I got stuck thinking the lead with the account description fields was solid, but it’s not and may be misleading. Best advice is to pick up at other spots and go from there.

jamestar · February 18, 2023, 2:00am

Can’t find the way, any hint about the spot?..thanks!

Gateberg · February 18, 2023, 3:18am

Check the findings, the tester said they want to carry on with something but didnt

Rapunzel3000 · March 18, 2023, 6:23pm

As soon as you successfully land on one of the machines, reiterate on the enumeration process. That involves searching for credentials, trying known credentials across all services and look if you can dump further hashes or logon- passwords from memory, from credential vault, lsass, ntdis.dit, etc…