In this walk through, we will be going through the Active Directory Basics room from Tryhackme. In this room, you will learn about the following topics:
- What Active Directory is
- What an Active Directory Domain is
- What components go into an Active Directory Domain
- Forests and Domain Trust
- And much more!
Task 1 – Introduction
Task 2 – Windows Domains
Question 1 – In a Windows domain, credentials are stored in a centralized repository called…
Active Directory
Question 2 – The server in charge of running the Active Directory services is called…
Domain Controller
Task 3 – Active Directory
Question 1 – Which group normally administrates all computers and resources in a domain?
Domain Admins
Question 2 – What would be the name of the machine account associated with a machine named TOM-PC?
TOM-PC$
Question 3 – Suppose our company creates a new department for Quality Assurance. What type of containers should we use to group all Quality Assurance users so that policies can be applied consistently to them?
Organizational Units
Task 4 – Managing Users in AD
Question 1 – What was the flag found on Sophie’s desktop?
Use Phillip’s account to try and reset Sophie’s password using powershell.
- Username:
THM\phillip - Password: Claire2008
Set-ADAccountPassword sophie -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password') -Verbose
Since we wouldn’t want Sophie to keep on using a password we know, we can also force a password reset at the next logon with the following command:
Set-ADUser -ChangePasswordAtLogon $true -Identity sophie -Verbose
Using RDP to connect with the Sophie’s account
Getting the Flag on the Desktop
THM{thanks_for_contacting_support}Question 2 – The process of granting privileges to a user over some OU or other AD Object is called…
delegation
Task 5 – Managing Computers in AD
Question 1 – After organizing the available computers, how many ended up in the Workstations OU?
7
Question 2 – Is it recommendable to create separate OUs for Servers and Workstations? (yay/nay)
yay
Task 6 – Group Policies
Question 1 – What is the name of the network share used to distribute GPOs to domain machines?
sysvol
Question 2 – Can a GPO be used to apply settings to users and computers? (yay/nay)
yay
Task 7 – Authentication Methods
Question 1 – Will a current version of Windows use NetNTLM as the preferred authentication protocol by default? (yay/nay)
nay
Question 2 – When referring to Kerberos, what type of ticket allows us to request further tickets known as TGS?
Ticket Granting Ticket
Question 3 – When using NetNTLM, is a user’s password transmitted over the network at any point? (yay/nay)
nay
Task 8 – Trees, Forests and Trusts
Question 1 – What is a group of Windows domains that share the same namespace called?
Tree
Question 2 – What should be configured between two domains for a user in Domain A to access a resource in Domain B?
Trust Relationship
Task 9 – Conclusion
Also read: Tryhackme – Nmap
So that was it, you now know about the Active Directory realm in Windows Environment. Adding on this, we will be looking into AD pentesting later. As of now, we have covered the basics of Active Directory and we know how to function in an Active Directory environment. We will be going through core windows pentesting with other rooms. Till then, “Hack the planet”.
