Anyone here who already went through the AD Environment of “Documentation and Reporting” Module?
I am trying to get organized with the existing documentation and artifacts of the simulated “penetration test” and currently feel a bit overwhelmed about how to move forward…
Although I’m seeing some comments that the hash is already there for you, I completed this lab with a different approach. Here is some guidance:
Read and reread through the findings carefully
Recall that the steps for the lab include “Enumerate and exploit all 13 findings listed and gather evidence for the findings that don’t have any evidence recorded”. Why don’t we start at the top and work our way down? Might need to “dig in further”.
Collect all of the users and passwords you have from the notes
What ways can we collect more users and credentials (hashes included)?
Now that we have hashes, let’s crack them too
Now it comes down to trying each set of credentials to see which one gets us in the DC
Now we’re in. Having trouble dumping hashes? Find a process that should have all the privileges necessary and try again!
This lab is overwhelming at first because there is a lot to look at. Take your time, read through it, see what you have, and see what methods are provided for you to find more.
This assessment is definitely tricky… @magic is right with the process and to start from the top and pick up where the author left off. I got stuck thinking the lead with the account description fields was solid, but it’s not and may be misleading. Best advice is to pick up at other spots and go from there.
As soon as you successfully land on one of the machines, reiterate on the enumeration process. That involves searching for credentials, trying known credentials across all services, and looking at whether you can dump further hashes or logon passwords from memory, from the credential vault, lsass, ntds.dit, etc…
Hello! I also have questions about the final task. I made points 1 and 4, I am on the DC. Additionally, I found a number of other accesses: librarian, HTB_…_r00t!@0, … But with “submit the NTLM hash of the KRBTGT account” I don’t understand how to do it, because I don’t see any way to run the necessary utilities. Maybe it’s simple, but I’m not familiar with AD. Regarding question 3 “Dump the NTDS file”, similarly, I don’t understand how to run the necessary software on the DC machine. Maybe there are more clues?
So I created a DRAFT report as recommended at the end of the skills assessment. Is anyone willing to do QA with me? Struggling to find anyone on Discord (which is understandable). I feel like this stuff is pretty important, regardless of whether or not it’s exciting.