Anyone here who already went through the AD Environment of “Documentation and Reporting” Module?
I am trying to get organized with the existing documentation and artifacts of the simulated “penetration test” and currently feel a bit overwhelmed about how to move forward…
Although I’m seeing some comments that the hash is already there for you, I completed this lab with a different approach. Here is some guidance:
Read and reread through the findings carefully
Recall that the steps for the lab include “Enumerate and exploit all 13 findings listed and gather evidence for the findings that don’t have any evidence recorded”. Why don’t we start at the top and work our way down? Might need to “dig in further”.
Collect all of the users and passwords you have from the notes
What ways can we collect more users and credentials (hashes included)?
Now that we have hashes, let’s crack them too
Now it comes down to trying each set of credentials to see which one gets us in the DC
Now we’re in. Having trouble dumping hashes? Find a process that should have all the privileges necessary and try again!
This lab is overwhelming at first because there is a lot to look at. Take your time, read through it, see what you have, and see what methods are provided for you to find more.
This assessment is definitely tricky… @magic is right with the process and to start from the top and pick up where the author left off. I got stuck thinking the lead with the account description fields was solid, but it’s not and may be misleading. Best advice is to pick up at other spots and go from there.
As soon as you successfully land on one of the machines, reiterate on the enumeration process. That involves searching for credentials, trying known credentials across all services and looking at whether you can dump further hashes or logon passwords from memory, from credential vault, lsass, ntds.dit, etc…