ACTIVE DIRECTORY INTRODUCTION | BASICS OF PENETRATION TESTING

ACTIVE DIRECTORY

Active Directory (AD) is a Microsoft technology used to manage computers and other devices on a network. It is a primary feature of Windows Server, an operating system that runs both local and Internet-based servers. Using it you can control the domain computers and the services running on every node of your domain.

Active Directory allows network administrators to create domains, users and objects within a network. For example, an admin can create a group of users and give them privileges to certain directories on the server. As the network grows, AD provides a way to organise a large number of users into logical groups and sub-groups, while providing access control at each level.

Structure of AD :
  1. Domains - several users or devices that all use the same directory database may be grouped into a single domain.
  2. Trees - multiple domains can be combined into a single group called a tree.
  3. Forests - multiple trees grouped together are called a forest.

Services that AD provides :

  1. Domain Services - stores the centralized directory data and manages communication between users and domains. This includes login authentication and search functionality.
  2. Certificate Services - creates, distributes, and manages certificates.
  3. Lightweight Directory Services - supports directory-enabled applications using the open LDAP protocol.
  4. Directory Federation Services - provides single sign-on (SSO), so a user authenticates once and can use multiple web applications in a single session.
  5. Rights Management - protects copyrighted information by preventing unauthorized use and distribution of digital content.

Active Directory penetration testing -

Every user enters the domain with an account held on the domain controller (DC); this account information is stored in Active Directory. A username has two parts: the first is the domain name and the second is the user name, written as Domain\User.

Level 1 - Reconnaissance

C:\>net user
Running this command in the Windows command prompt lists the local user accounts on the PC.

C:\>whoami
This command shows the currently logged-in user.

C:\>whoami /groups
This command shows the groups the current user belongs to.

C:\>net user /domain
This command lists all user accounts in the Active Directory domain.

C:\>net user [username] /domain
This shows the details of a given domain user, including the groups they belong to.

There are about 12 thousand PowerShell scripts for looking at AD. You can download the script from GitHub:

Once you have all the data you need, you can carry out different attacks against users, such as:

BRUTE-FORCE ATTACK - for a brute-force attack on Active Directory, you can use the Metasploit Framework auxiliary modules.

msf > use auxiliary/scanner/smb/smb_login
In the options of this auxiliary module you set the username file and the password file, and set the IP of a host that has the SMB service open. Then you launch the module by entering the run command.

If you try this against all accounts, every user can be locked out and you will cause disruption on the network. The domain Password Policy shows the lockout threshold, so size your password list accordingly.
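The lockout risk described above is also exactly what a defender looks for in the domain controller's Security log. The following is an added example, not code from the original post: it reads constructed Event ID 4625 (failed logon) records and flags (a) one source address failing against many different accounts inside a short window, which is the pattern produced by running smb_login over every account, and (b) accounts whose failures reached the lockout threshold. The threshold, the window, the sample addresses and the key=value record format are all assumptions made for the example; in a real domain the threshold comes from the Password Policy and the records from the Security event log or a SIEM export.

```python
"""Spot password-spray and lockout patterns in Windows Security log events.

Added example (not from the original post). Input lines are constructed here in
a simplified "key=value" form modelled on Event ID 4625 fields.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; not real log data.
SAMPLE_EVENTS = [
    # one source, one attempt per account across many accounts: a password spray
    "Time=2023-01-10T09:00:01 EventID=4625 TargetUserName=alice IpAddress=10.0.0.55 Status=0xC000006D",
    "Time=2023-01-10T09:00:02 EventID=4625 TargetUserName=bob IpAddress=10.0.0.55 Status=0xC000006D",
    "Time=2023-01-10T09:00:03 EventID=4625 TargetUserName=carol IpAddress=10.0.0.55 Status=0xC000006D",
    "Time=2023-01-10T09:00:04 EventID=4625 TargetUserName=dave IpAddress=10.0.0.55 Status=0xC000006D",
    "Time=2023-01-10T09:00:05 EventID=4625 TargetUserName=erin IpAddress=10.0.0.55 Status=0xC000006D",
    "Time=2023-01-10T09:00:06 EventID=4625 TargetUserName=frank IpAddress=10.0.0.55 Status=0xC000006D",
    # a user mistyping a password twice: normal noise
    "Time=2023-01-10T09:10:00 EventID=4625 TargetUserName=grace IpAddress=10.0.0.20 Status=0xC000006D",
    "Time=2023-01-10T09:10:09 EventID=4625 TargetUserName=grace IpAddress=10.0.0.20 Status=0xC000006D",
    # repeated failures against one account: reaches the lockout threshold
    "Time=2023-01-10T09:20:00 EventID=4625 TargetUserName=svc_backup IpAddress=10.0.0.99 Status=0xC000006D",
    "Time=2023-01-10T09:20:10 EventID=4625 TargetUserName=svc_backup IpAddress=10.0.0.99 Status=0xC000006D",
    "Time=2023-01-10T09:20:20 EventID=4625 TargetUserName=svc_backup IpAddress=10.0.0.99 Status=0xC000006D",
    "Time=2023-01-10T09:20:30 EventID=4625 TargetUserName=svc_backup IpAddress=10.0.0.99 Status=0xC000006D",
    "Time=2023-01-10T09:20:40 EventID=4625 TargetUserName=svc_backup IpAddress=10.0.0.99 Status=0xC000006D",
]

LOCKOUT_THRESHOLD = 5          # assumed; read the real value from the domain Password Policy
WINDOW = timedelta(minutes=5)  # assumed; compare with the policy's lockout observation window
SPRAY_MIN_ACCOUNTS = 5         # assumed; distinct accounts from one source that we call a spray


def parse_event(line):
    """Split a 'key=value key=value' line into a dict; Time becomes a datetime."""
    fields = dict(token.split("=", 1) for token in line.split())
    fields["Time"] = datetime.fromisoformat(fields["Time"])
    fields["EventID"] = int(fields["EventID"])
    return fields


def failed_logons(lines):
    """All 4625 events, oldest first."""
    return sorted((e for e in map(parse_event, lines) if e["EventID"] == 4625),
                  key=lambda e: e["Time"])


def max_in_window(events, window):
    """Largest number of events (sorted by Time) whose timestamps fit inside one window."""
    best, start = 0, 0
    for end, ev in enumerate(events):
        while ev["Time"] - events[start]["Time"] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_spray(lines, window=WINDOW, min_accounts=SPRAY_MIN_ACCOUNTS):
    """Sources that failed against at least min_accounts distinct accounts inside one window."""
    by_source = defaultdict(list)
    for e in failed_logons(lines):
        by_source[e["IpAddress"]].append(e)
    flagged = {}
    for ip, events in by_source.items():
        for i, first in enumerate(events):
            in_window = [e for e in events[i:] if e["Time"] - first["Time"] <= window]
            accounts = {e["TargetUserName"] for e in in_window}
            if len(accounts) >= min_accounts:
                flagged[ip] = sorted(accounts)
                break
    return flagged


def accounts_at_lockout(lines, threshold=LOCKOUT_THRESHOLD, window=WINDOW):
    """Accounts whose failures inside one window reached the lockout threshold."""
    by_account = defaultdict(list)
    for e in failed_logons(lines):
        by_account[e["TargetUserName"]].append(e)
    return sorted(acct for acct, evs in by_account.items()
                  if max_in_window(evs, window) >= threshold)


if __name__ == "__main__":
    print("password spray sources:", detect_spray(SAMPLE_EVENTS))
    print("accounts at lockout threshold:", accounts_at_lockout(SAMPLE_EVENTS))
```

The two checks are kept separate on purpose: a spray shows up as many accounts with one failure each from a single source, and never trips a per-account lockout counter, whereas a targeted brute force trips the lockout without touching other accounts. Both views are needed to see what the smb_login run above looks like from the other side.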

All password hashes are stored in a file named NTDS.dit in C:\Windows\NTDS. You can extract the hashes from the file by using mimikatz: it has a feature that uses the Directory Replication Service (DRS) to retrieve the password hashes from the NTDS.dit file. You can run it as shown below -

mimikatz # lsadump::dcsync /domain:pentestlab.local /all /csv

Then you can see the hashes, and the passwords where they can be recovered.
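Because the DRS technique above asks a domain controller to replicate its data, the domain controller records it. Every such request is audited as Event ID 4662 with the directory replication control access rights in the Properties field, and in a healthy domain only other domain controllers (and a few sync services) ever hold those rights. The following is an added example, not code from the original post: it reads constructed 4662 records and flags replication requests coming from any account that is not a known domain controller. The two replication GUIDs are the real well-known values; the domain controller names, the sample events and the key=value record format are assumptions made for the example.

```python
"""Flag likely DCSync activity in Windows Security log Event ID 4662 records.

Added example, not from the original post. Input lines are constructed here in a
simplified "key=value" form; Properties carries ';'-separated access-right GUIDs.
"""

# Well-known control access right GUIDs for directory replication.
DS_REPLICATION_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
REPLICATION_RIGHTS = {DS_REPLICATION_GET_CHANGES, DS_REPLICATION_GET_CHANGES_ALL}

# Assumed: the domain controller computer accounts of this constructed domain.
KNOWN_REPLICATORS = {"DC01$", "DC02$"}

# Constructed sample events; the unrelated GUID is a made-up placeholder.
SAMPLE_EVENTS = [
    # normal replication between domain controllers
    "EventID=4662 SubjectUserName=DC02$ ObjectType=domainDNS "
    "Properties=1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",
    # an ordinary directory access by a user, unrelated right
    "EventID=4662 SubjectUserName=jsmith ObjectType=user "
    "Properties=00000000-0000-0000-0000-00000000abcd",
    # a user account requesting replication of the whole domain: DCSync pattern
    "EventID=4662 SubjectUserName=jsmith ObjectType=domainDNS "
    "Properties=1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",
    # a different event type, ignored
    "EventID=4624 SubjectUserName=jsmith LogonType=3",
]


def parse_event(line):
    """Split a 'key=value key=value' line into a dict; Properties becomes a set of GUIDs."""
    fields = dict(token.split("=", 1) for token in line.split())
    fields["Properties"] = set(fields.get("Properties", "").split(";")) - {""}
    return fields


def requests_replication(event):
    """True when a 4662 event carries at least one directory replication right."""
    return event.get("EventID") == "4662" and bool(event["Properties"] & REPLICATION_RIGHTS)


def detect_dcsync(lines, allowed=KNOWN_REPLICATORS):
    """Return (SubjectUserName, replication rights) for replication requests by non-DC accounts."""
    hits = []
    for ev in map(parse_event, lines):
        if requests_replication(ev) and ev["SubjectUserName"] not in allowed:
            hits.append((ev["SubjectUserName"], sorted(ev["Properties"] & REPLICATION_RIGHTS)))
    return hits


if __name__ == "__main__":
    for account, rights in detect_dcsync(SAMPLE_EVENTS):
        print(f"replication requested by non-DC account {account}: {rights}")
```

Event ID 4662 is only written when the "Audit Directory Service Access" subcategory is enabled on the domain controllers, so that setting is the prerequisite for this check. The allow list has to be maintained deliberately: any account added to it (for example a directory synchronisation service) is an account whose compromise grants exactly the access the mimikatz command above uses.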

Part 1 of Active Directory coming soon

Knowledge sharing is the utmost quality of knowledge gaining; share the content with your friends.
For more content and queries, SUBSCRIBE to our blog.

Thank you.
