In this walk through, we will be going through the Active Directory Basics room from Tryhackme. In this room, you will learn about the following topics:
- What Active Directory is
- What an Active Directory Domain is
- What components go into an Active Directory Domain
- Forests and Domain Trust
- And much more!
Task 1 – Introduction
Task 2 – Windows Domains
Question 1 – In a Windows domain, credentials are stored in a centralized repository called…
Question 2 – The server in charge of running the Active Directory services is called…
Task 3 – Active Directory
Question 1 – Which group normally administrates all computers and resources in a domain?
Question 2 – What would be the name of the machine account associated with a machine named TOM-PC?
Question 3 – Suppose our company creates a new department for Quality Assurance. What type of containers should we use to group all Quality Assurance users so that policies can be applied consistently to them?
Task 4 – Managing Users in AD
Question 1 – What was the flag found on Sophie’s desktop?
Use Phillip’s account to try and reset Sophie’s password using powershell.
- Password: Claire2008
Set-ADAccountPassword sophie -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password') -Verbose
Since we wouldn’t want Sophie to keep on using a password we know, we can also force a password reset at the next logon with the following command:
Set-ADUser -ChangePasswordAtLogon $true -Identity sophie -Verbose
Using RDP to connect with the Sophie’s account
Getting the Flag on the Desktop
Question 2 – The process of granting privileges to a user over some OU or other AD Object is called…
Task 5 – Managing Computers in AD
Question 1 – After organizing the available computers, how many ended up in the Workstations OU?
Question 2 – Is it recommendable to create separate OUs for Servers and Workstations? (yay/nay)
Task 6 – Group Policies
Question 1 – What is the name of the network share used to distribute GPOs to domain machines?
Question 2 – Can a GPO be used to apply settings to users and computers? (yay/nay)
Task 7 – Authentication Methods
Question 1 – Will a current version of Windows use NetNTLM as the preferred authentication protocol by default? (yay/nay)
Question 2 – When referring to Kerberos, what type of ticket allows us to request further tickets known as TGS?
Ticket Granting Ticket
Question 3 – When using NetNTLM, is a user’s password transmitted over the network at any point? (yay/nay)
Task 8 – Trees, Forests and Trusts
Question 1 – What is a group of Windows domains that share the same namespace called?
Question 2 – What should be configured between two domains for a user in Domain A to access a resource in Domain B?
Task 9 – Conclusion
Also read: Tryhackme – Nmap
So that was it, you now know about the Active Directory realm in Windows Environment. Adding on this, we will be looking into AD pentesting later. As of now, we have covered the basics of Active Directory and we know how to function in an Active Directory environment. We will be going through core windows pentesting with other rooms. Till then, “Hack the planet”.