Tryhackme – Active Directory Basics

In this walk through, we will be going through the Active Directory Basics room from Tryhackme. In this room, you will learn about the following topics:

  • What Active Directory is
  • What an Active Directory Domain is
  • What components go into an Active Directory Domain
  • Forests and Domain Trust
  • And much more!

Active Directory Basics

Task 1 – Introduction

Task 1 – Introduction

Task 2 – Windows Domains

Question 1 – In a Windows domain, credentials are stored in a centralized repository called…

Active Directory

Question 2 – The server in charge of running the Active Directory services is called…

Domain Controller

Task 2 - Windows Domains

Task 3 – Active Directory

Question 1 – Which group normally administrates all computers and resources in a domain?

Domain Admins

Question 2 – What would be the name of the machine account associated with a machine named TOM-PC?

TOM-PC$

Question 3 – Suppose our company creates a new department for Quality Assurance. What type of containers should we use to group all Quality Assurance users so that policies can be applied consistently to them?

Organizational Units

Task 3 - Active Directory

Task 4 – Managing Users in AD

Question 1 – What was the flag found on Sophie’s desktop?

Use Phillip’s account to try and reset Sophie’s password using powershell.

  • Username: THM\phillip
  • Password: Claire2008

	
Set-ADAccountPassword sophie -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password') -Verbose

Changing Sophie password

Since we wouldn’t want Sophie to keep on using a password we know, we can also force a password reset at the next logon with the following command:

Set-ADUser -ChangePasswordAtLogon $true -Identity sophie -Verbose

Forcing password reset

Using RDP to connect with the Sophie’s account

Logging in using RDP

Password change option

RDP password change

Getting the Flag on the Desktop

The Flag

THM{thanks_for_contacting_support}

Question 2 – The process of granting privileges to a user over some OU or other AD Object is called…

delegation

Task 4 - Managing Users in AD

Task 5 – Managing Computers in AD

Question 1 – After organizing the available computers, how many ended up in the Workstations OU?

7

Question 2 – Is it recommendable to create separate OUs for Servers and Workstations? (yay/nay)

yay

Task 5 - Managing Computers in AD

Task 6 – Group Policies

Question 1 – What is the name of the network share used to distribute GPOs to domain machines?

sysvol

Question 2 – Can a GPO be used to apply settings to users and computers? (yay/nay)

yay

Task 6 - Group Policies

Task 7 – Authentication Methods

Question 1 – Will a current version of Windows use NetNTLM as the preferred authentication protocol by default? (yay/nay)

nay

Question 2 – When referring to Kerberos, what type of ticket allows us to request further tickets known as TGS?

Ticket Granting Ticket

Question 3 – When using NetNTLM, is a user’s password transmitted over the network at any point? (yay/nay)

nay

Task 7 - Authentication Methods

Task 8 – Trees, Forests and Trusts

Question 1 – What is a group of Windows domains that share the same namespace called?

Tree

Question 2 – What should be configured between two domains for a user in Domain A to access a resource in Domain B?

Trust Relationship

Task 8 - Trees, Forests and Trusts

Task 9 – Conclusion

Task 9 - Conclusion

Also read: Tryhackme – Nmap

Learning Active Directory

So that was it, you now know about the Active Directory realm in Windows Environment. Adding on this, we will be looking into AD pentesting later. As of now, we have covered the basics of Active Directory and we know how to function in an Active Directory environment. We will be going through core windows pentesting with other rooms. Till then, “Hack the planet”.

Leave a Reply

Your email address will not be published. Required fields are marked *