Active Directory Penetration Testing normally covers exploiting misconfigurations within Active Directory (AD). I'm still in the process of learning Active Directory Penetration Testing, so let's learn together.
Let's recap the objective of penetration testing, which is to find or identify any vulnerabilities that reside within the system and its applications.
Phase 1: Information Gathering
The first thing a pentester will do is Information Gathering, before proceeding to the other phases of the penetration test.
For this phase, we will run the nmap tool, which will provide a few details about the server.
Another tool we can use for this phase is Responder. The purpose of Responder is to check whether a misconfiguration exists in the AD environment, which might allow Web Proxy Auto-Discovery (WPAD) and NBT-NS poisoning to be carried out during the engagement.
In the new Kali Linux 2020, there is a separate menu option that makes this easier for users; the option can be seen in the screenshot shown above.
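The misconfiguration Responder checks for is a Windows host that still answers LLMNR and NBT-NS name lookups. The following audit script is an added example, not code from the original post: it reports whether a host has those two protocols disabled and, with -Remediate, turns them off. It assumes an elevated PowerShell session on a Windows host; in a domain these settings would normally be pushed by Group Policy rather than set per host, and WPAD hardening is not covered here.

```powershell
# Added example: audit (and optionally harden) a Windows host against LLMNR and NBT-NS poisoning.
# Assumes an elevated PowerShell session. Run with -Remediate to apply the fix.
param([switch]$Remediate)

$llmnrKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$netbtIfaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'

# LLMNR: EnableMulticast = 0 under the DNSClient policy key turns it off.
# This is the same value the "Turn off multicast name resolution" GPO setting writes.
$llmnr = (Get-ItemProperty -Path $llmnrKey -Name EnableMulticast -ErrorAction SilentlyContinue).EnableMulticast
if ($llmnr -eq 0) {
    Write-Output 'LLMNR: disabled (OK)'
} else {
    Write-Output 'LLMNR: enabled - host answers multicast name lookups and can be poisoned'
    if ($Remediate) {
        New-Item -Path $llmnrKey -Force | Out-Null
        Set-ItemProperty -Path $llmnrKey -Name EnableMulticast -Value 0 -Type DWord
        Write-Output 'LLMNR: now disabled'
    }
}

# NBT-NS is configured per network adapter under NetBT\Parameters\Interfaces\Tcpip_{GUID}.
# NetbiosOptions: 0 = follow DHCP setting, 1 = enabled, 2 = disabled.
Get-ChildItem -Path $netbtIfaces | ForEach-Object {
    $iface = $_.PSChildName
    $opt = (Get-ItemProperty -Path $_.PSPath -Name NetbiosOptions -ErrorAction SilentlyContinue).NetbiosOptions
    if ($opt -eq 2) {
        Write-Output "NBT-NS on ${iface}: disabled (OK)"
    } else {
        Write-Output "NBT-NS on ${iface}: NetbiosOptions=$opt - enabled or DHCP-controlled, can be poisoned"
        if ($Remediate) {
            Set-ItemProperty -Path $_.PSPath -Name NetbiosOptions -Value 2 -Type DWord
            Write-Output "NBT-NS on ${iface}: now disabled (takes effect after the adapter restarts)"
        }
    }
}
```

Running the audit without -Remediate on a few hosts before an engagement is a quick way to confirm whether Responder-style poisoning is even possible in the environment.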
Phase 3: Exploitation
We will skip the analysis phase because it only focuses on the results of Phase 1.
In Phase 3: Exploitation, I will look into LDAP exploits to see whether the AD is vulnerable to LDAP bugs. Some people find them using a browser, while in my case I will search with searchsploit, which is easier for me.
Below is the Python script that I will use for this phase, but different cases will use different exploits.
To use the exploit above, the pentester will have to execute the following command:
32586.py <ip address>
Besides the exploit mentioned above, we can also make use of the Python code smbserver.py.
The Python code can be found over here, and the command to execute it would be:
smbserver.py <IP address> -smb2support SMB