Attacking Active Directory "Services" TryHackMe CTF Walkthrough

In this walkthrough I'll demonstrate some basic ways to attack active directory on a windows corporate network. Along the way we'll explore kerberos preauthentication and also how to capture and crack a password hash using a technique known as AS-REP-ROASTING. Writeups are available on the #CTF_Walkthrough_Wiki https://github.com/CTF-Walkthroughs/CTF-Walkthroughs-Wiki/wiki My homepage: https://www.benreitz.com tags: enumerate, hash cracking, exploit, brute-force Chapters: 0:00 Intro 1:00 Setting up 1:08 Initial Enumeration 3:00 Regular Expressions 5:03 Walking the website 7:41 Listing Usernames 8:52 AD Username Enumeration with Kerbrute 11:50 Capturing a Hash with GetNPUsers.py 12:59 Hash Cracking with Hashcat! 15:22 Logging in with evil-winrm 16:32 Enum for privesc 18:21 Binpath Hijacking 20:50 Change admin password 21:38 Log in as admin and grab the flags!