A recent pentest exposed to me in fuller gory detail how much I still don't know about working in AD and various terminologies. For the first time in a while I was able to successfully capture and crack NetNTLMv2 hashes captured using Responder. However, I was stymied by Metasploit's psexec not working, until I stumbled across CrackMapExec and found that requests spawned with WMI worked but psexec didn't. Then I slowly made my way to various systems and discovered that I don't know nearly enough about what can actually be done with Domain Admin. I could even potentially have used impersonation/delegation tokens for DAs but decided not to.
So now my priority goals going forward are two-fold:
1. Set up an Active Directory lab at home. There are plenty of guides available. Most likely it would be on my ThinkPad T460p, which was purchased almost specifically for this purpose. (Now if I can just get it to stop shutting off every time the battery wiggles inadvertently...) This gives it the element of portability.
2. Really practice with some VMs. Set up some sort of environment which requires heavy use of Metasploit and Meterpreter to obtain elevated privileges/credentials/access/whatever. That way I won't flail around when encountering an AD environment.
Of course I'll also finish setting up the new EdgeRouter X courtesy of this guide: https://github.com/mjp66/Ubiquiti. I would never have managed the job without this document. The only things remaining are resolving some DNS issues, getting the Tor relay back up and running either on its own untrusted network or SSH-limited on the same home network, and changing the EdgeRouter to use dnsmasq and getting the Pi-hole to serve DNS requests instead.