TryHackMe Intro to AD Breaching
Explore AD breaching, including username enumeration, password spraying, coercion, and mitigations. 🤖🤖

Room link: https://tryhackme.com/room/introductiontoactivedirectorybreaching

🦊 Learning Objectives 🦊
In this room, you will learn:
🐱 The principle and methodology for breaching AD environments
🐱 Enumerating valid usernames with Kerbrute and performing password spraying attacks
🐱 An introduction to the world of authentication coercion and coercion-based breaches
🐱 Common mitigations to protect against these breaching techniques

🦊 Room Tasks: 🦊
🌳 Task 1: Introduction
🐈 Task 2: Active Directory Breaches
- What is the first phase of any AD attack chain?
- What service, running on TCP port 88, can be abused to validate whether usernames exist in the domain?
🐹 Task 3: OSINT and Target Reconnaissance
- How many valid usernames did Kerbrute discover?
- What is the organisation's username format?
🦧 Task 4: Credential Discovery
- What is the password for the svc.jenkins account found in the Git commit history?
- What default password was leaked in the Jenkins build logs?
🐃 Task 5: Username Enumeration and Password Spraying
- How many accounts were cracked using the brute force attack?
- Which is the first user account (alphabetically) that uses the default onboarding password?
🐏 Task 6: Coercion Attacks
- What is the Bind DN of the service account captured during the LDAP passback attack?
- What is the plaintext password captured from the LDAP passback?
- What is the cracked password for sarah.jones obtained through file-based coercion?
🦊 Task 7: Mitigations
- What Group Policy setting can be configured to enforce NTLMv2 and refuse older LM and NTLM responses?
- What port should be used instead of port 389 to ensure LDAP traffic is encrypted?
🦌 Task 8: Conclusion

⚠️ Educational Purpose Only
This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems.