ACTIVEDIRECTORY

Busy Week for Hacking

As the title implies, it’s been quite the week of learning. I was furiously attempting to finish the course I’m taking so that I can move on to another one. The one right now has a little bit of everything when it comes to hacking. The next one will focus directly on privilege escalation for Windows, and I’m looking forward to that!

Most of this week has been dedicated to hacking Windows, and playing around with PowerShell to manipulate a computer. There were also some awesome enumeration tools that I was introduced to. Those included PowerView, BloodHound, smbenumgpp, and winPEAS.

Following the enumeration, I learned about some attacks that were pretty awesome. It was impressive how easy it was to take advantage of the convenience of an Active Directory system. Kerberoasting was fun, and used a ticket granting service to make Windows give you the hash dumps. From there, it was simply a matter of obtaining the passwords with hashcat. Those passwords were then used to gain access to the domain controller. Although all pen testing environments won’t offer the same playground, it was important to understand how the system worked in order to open my eyes up to the challenges of a client’s Windows network. It also showed me just how important it was to make sure that a network and all of its users employ very strong passwords of over 14 characters. In addition, the environment in which I was playing gave domain admin to local user accounts on workstations. That made it rather easy to hack as well.


Open the Window

Today was a fun day because I was finally able to delve into Windows hacking. I’ve been concentrating on Unix machines for quite a while now, and have been very curious about the various hacks that can occur. I now, finally, have some insights into them.

The thing is, I’ve been using Windows (both server and desktop) for years, and have been very aware of the defenses we use on an enterprise network to detect, track, and overcome attacks. In fact, I was the lead on a project to rid our network of the ‘Welchia’ virus back in 2003; it was a crazy replicating virus that denied us our network, but didn’t cause any damage. So knowing Windows, and having been an admin on several large networks, I’m realizing now just how much we didn’t know!

Taking advantage of the features within an Active Domain system, the hacks performed today weren’t even owning the boxes… they were simply intercepting things like password hashes via the standard operating procedures that Windows uses.  It was pretty easy, in fact… scary easy.

One of the things learned today that was a surprise to me was that I could run the program hashcat on Windows.  Throughout this journey, I’ve set up several versions of hacking platforms, and all had hashcat installed by default.  The problem always was the access to video card drivers.  I’ll probably write more about that at another time (I took notes each time I did an install), but for now, I’ll say that being able to run hashcat on Windows allows me to use my huge rig that houses my VMs to also access the graphics card directly.  VMs are unable to have direct access to the PCI bus, which is why I was building a bare-metal rig to do nothing but hashcat.  Now, I can use that as a backup firewall for my segmented networks, and also monitor the resources used by hashcat on Windows.  I thought that was pretty cool.

So overall, a LOT was learned today, and a possible change in my network structure was considered. I haven’t changed anything yet, but if I do, I’ll write it up. There’s a lot more to do in the Windows privilege escalation realm, and I’m well on my way to learning it. I’ve purchased an entire course on nothing but this topic, and can’t wait to start it. I’ll let you know if the class was worth it, but I have a feeling I already know the answer. See my references page for all of the courses I’ve taken, and whether they were worth my time.
