Gain experience in penetration testing through a purposely built vulnerable lab.
Target Audience:
Beginners with basic Linux skills and familiarity with the command line and penetration testing tools (e.g., Kali Linux, Parrot Security OS).
Challenge Details:
Total Flags: 5 (clues provided for beginners).
Ultimate Goal: Access and read the flag in the root’s home directory.
Privilege Requirement: Root privileges needed for final flag, but not to access other flags.
Approach:
Explore multiple pathways to gain root access.
Beginners may face unfamiliar challenges; online resources can assist in overcoming these.
Key Skills Required:
Basic Linux command line proficiency
Familiarity with penetration testing methodologies and tools
Active Host discovery:
The netdiscover -i eth0 command is used to scan the local network for active hosts on the specified interface (eth0).
Scanning:
The command nmap -Pn -A 192.168.1.109 performs an in-depth scan of the IP address 192.168.1.109. It bypasses host discovery with the -Pn option, assuming the host is online, and uses the -A flag to enable advanced features like operating system detection and version identification of services.
The command gobuster dir -u http://192.168.1.109/ -w /usr/share/wordlists/dirb/big.txt is utilized to perform directory brute-forcing on the web server at the specified URL. It employs the gobuster tool to search for hidden directories and files by referencing a wordlist located at /usr/share/wordlists/dirb/big.txt.
Upon confirming that port 80 is running HTTP, we proceed to access the IP address using a web browser.
Using Metasploit to gain access.
We successfully obtained a Meterpreter shell.
We then use the ls command to list the files and identify flag1.txt. Next, we use the cat command to read the contents of this file, which gives us our first flag.
First, we navigate to the sites directory and list the files and subdirectories. Within this listing, we identify settings.php. We then use the cat command to display its contents, which reveals our flag2.
To obtain flag 3, we will use the provided credentials to access the MySQL database. To do this, we need to convert our Meterpreter session into an interactive shell. We now have access to the database server, where we have identified a database named drupaldb.
We now switch to the drupaldb database and view its tables. We then pick the users table and retrieve all of its records with SELECT * FROM users;.
Using Hashcat, we successfully crack the hash associated with the admin account.
We navigate to the home directory, where we locate flag4. For the last flag we have to switch to the root user.
To access the root directory, we must obtain root permissions. We will use the command find . -exec /bin/sh \; -quit, which spawns a shell with elevated privileges, enabling us to open the root directory.
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It provides a centralized way to manage and organize network resources such as users, computers, printers, and more. Here are the core components and functionalities of Active Directory:
Key Components:
1. Domain Services (AD DS):
• User and Computer Accounts: AD DS manages user credentials and provides authentication and authorization for users and computers within a domain.
• Organizational Units (OUs): These are containers used to organize objects within a domain. They help in applying policies and delegating administrative tasks.
• Groups: AD DS allows you to group users and computers to simplify management and apply permissions.
2. Domain Controllers (DCs): These servers hold a copy of the AD DS database and are responsible for authenticating users and enforcing policies. They replicate changes to other DCs within the domain.
3. Global Catalog: A distributed data repository that contains information about every object in the AD forest. It helps with searching and locating objects across domains.
4. Schema: Defines the structure of the directory, including the types of objects that can be stored and the attributes they can have.
5. Trusts: These are relationships established between different domains or forests that allow users in one domain to access resources in another.
Key Functions:
1. Authentication: AD verifies user credentials when they log in to a network, ensuring they are who they claim to be.
2. Authorization: AD manages permissions and access controls, determining what resources a user can access and what actions they can perform.
3. Policy Enforcement: Through Group Policy Objects (GPOs), AD allows administrators to enforce security settings and configurations across all computers and users in the domain.
4. Centralized Management: Administrators can manage user accounts, group memberships, and policies from a central location.
5. Directory Services: AD provides a hierarchical database of network objects, which can be queried to find and manage resources.
Additional Services:
• Active Directory Lightweight Directory Services (AD LDS): Provides directory services for applications without the need for AD DS.
• Active Directory Federation Services (AD FS): Offers single sign-on (SSO) and identity federation across organizational boundaries.
• Active Directory Certificate Services (AD CS): Manages digital certificates and public key infrastructure (PKI).
Active Directory is a fundamental component for managing large networks and is widely used in enterprise environments to maintain security, streamline administration, and provide a structured approach to managing network resources.
How to Install Active Directory?
Before installing, first change the hostname of the domain controller, as this will make it easier to ping in a later step.
The exact location depends on your Windows version:
Settings > System > About > Rename PC.
Control Panel > System and Security > System > Change Setting.
On my side I’ve set the domain controller name to marvel. Choose any name you like.
Enable the Active Directory Domain Services.
To add an Active Directory server:
Open Server Manager.
Select “Add Roles and Features”.
In the server roles options, select “Active Directory Domain Services”. When prompted by the pop-up screen, click “Add Features” to proceed.
Similarly, add the “DNS Server” role by selecting it in the server roles options and clicking “Add Features” when prompted.
Next, click “Next” to proceed to the configuration page. Here, select “Install” to start the installation and initiate the download process.
Upon completion of the installation, the results page will display a feature installation notification. Click “Promote this server to a domain controller” to proceed. This action will redirect you to the Domain Controller Configuration page.
On the Domain Controller Configuration page, select “Add a new forest” and enter your desired root domain name (e.g., “marvel.local”). After entering the domain name, click “Next” to continue.
Next, set the Directory Services Restore Mode (DSRM) password, and then click “Next” to proceed.
In the “Additional Options” section, the NetBIOS domain name will be automatically displayed (e.g., “MARVEL0”). Click “Next” to continue.
In the “Paths” section, you can modify the default paths if needed. Once you have made any necessary changes, click “Next” to proceed.
In the “Prerequisites Check” section, click “Install” to begin the installation. Wait for the process to complete. Upon finishing, the system will automatically restart.
After logging into the system, open Server Manager, click on “Tools” on the right-hand side, and then select “Active Directory Users and Computers” from the dropdown menu.
In Active Directory Users and Computers, navigate to the “Users” container. Right-click on the “Administrator” account and select “Copy” from the context menu.
Enter the user details, including First Name, Last Name, and User Logon Name. Click “Next” to proceed.
Set the user password and then click “Next” to continue.
Next, go to Server Manager, click on “Tools”, and select “DNS”.
In the DNS Manager, expand the “Reverse Lookup Zones” folder. Right-click on it and select “New Zone” to create a new reverse lookup zone.
Enter the Network ID for the reverse lookup zone and then click “Next”.
In the “Reverse Lookup Zones” section, right-click and select “New Pointer (PTR)” to create a new PTR record.
Enter the IP address of the system and click “OK” to create the PTR record.
On the user system, change the DNS server setting to the domain controller’s IP address. Then, set the computer to be a member of the domain “MARVEL0”. Click “OK” to apply the changes.
Enter the credentials for the user account that you created earlier to complete the domain joining process.
Verify that the domain name is set to “marvel.local” to ensure that the system is correctly joined to the domain.
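The same installation and domain-join procedure can be scripted. The PowerShell below is an added example, not part of the original walkthrough: the names marvel, marvel.local and MARVEL0 come from the steps above, while the IP addresses, the user "labuser" and the interface alias "Ethernet" are constructed placeholders. Each stage ends in a reboot or runs on a different machine, so run the stages one at a time.

```powershell
# Added example (not from the original page). Run each stage separately.
$DcIp      = '192.0.2.10'      # placeholder: static IP of the domain controller
$NetworkId = '192.0.2.0/24'    # placeholder: subnet used for the reverse lookup zone

# Stage 1 (server): rename the machine, then reboot.
Rename-Computer -NewName 'marvel' -Restart

# Stage 2 (server, after reboot): add the AD DS and DNS roles, create the forest.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
Install-ADDSForest -DomainName 'marvel.local' -DomainNetbiosName 'MARVEL0' `
    -SafeModeAdministratorPassword $dsrm -InstallDns -Force   # reboots when done

# Stage 3 (domain controller): create the user, the reverse zone and the PTR record.
# Note: "Copy" on Administrator in the GUI also copies its group memberships;
# New-ADUser creates a standard user with no extra groups.
$pw = Read-Host -AsSecureString -Prompt 'Password for labuser'
New-ADUser -Name 'Lab User' -GivenName 'Lab' -Surname 'User' `
    -SamAccountName 'labuser' -UserPrincipalName 'labuser@marvel.local' `
    -AccountPassword $pw -Enabled $true
Add-DnsServerPrimaryZone -NetworkId $NetworkId -ReplicationScope 'Domain'
Add-DnsServerResourceRecordPtr -ZoneName '2.0.192.in-addr.arpa' -Name '10' `
    -PtrDomainName 'marvel.marvel.local'   # host "marvel" in domain "marvel.local"

# Stage 4 (client): point DNS at the domain controller and join the domain.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $DcIp
Add-Computer -DomainName 'marvel.local' -Credential (Get-Credential) -Restart

# Stage 5 (client, after reboot): confirm the join and the reverse lookup.
(Get-CimInstance -ClassName Win32_ComputerSystem).Domain
Resolve-DnsName -Name $DcIp
```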
Creating and Linking a Group Policy Object (GPO) in Active Directory
To set policies, go to Server Manager, click on “Tools”, and then select “Group Policy Management”.
In the Group Policy Management screen, select “Group Policy Objects”. Right-click on it and choose “New”. Enter a name for the new Group Policy Object (GPO) and click “OK”.
Right-click on the newly created Group Policy Object and select “Edit” to configure the policy settings.
First, navigate to the policy you wish to apply. Double-click on it, select “Enabled”, and then click “Apply” followed by “OK”.
You can verify the state of the policy to ensure it is enabled by checking its status in the Group Policy Management Editor.
To link the policy to the user:
1. Navigate to the Organizational Unit (OU) where you want to apply the policy.
2. Right-click on the OU and select “Link an Existing GPO”.
3. Choose the newly created Group Policy Object (GPO) and click “OK”.
You can confirm that the policy has been successfully applied to the user by checking the “Linked Group Policy Objects” section in the Organizational Unit (OU) properties.
Upon switching to the user and opening Command Prompt, you will see a message indicating that “cmd is disabled by administrator”. Pressing any key will prompt for administrator credentials, confirming that the policy has been successfully applied.
Similarly, create one more policy to prohibit changes to TCP/IP.
When we click on Properties to change the TCP/IP settings, a pop-up window will appear, prompting you to enter administrative credentials to authorize the changes.
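The command prompt policy above can also be created, linked and checked from PowerShell. This is an added example, not part of the original walkthrough: it assumes the policy used is "Prevent access to the command prompt" (User Configuration > Administrative Templates > System), and the GPO name and the OU "LabUsers" are hypothetical.

```powershell
# Added example (not from the original page). Run on the domain controller.
Import-Module GroupPolicy

$GpoName = 'Lab - Disable CMD'                  # hypothetical GPO name
$Target  = 'OU=LabUsers,DC=marvel,DC=local'     # hypothetical OU; must already exist
$Key     = 'HKCU\Software\Policies\Microsoft\Windows\System'

# Create the GPO (Group Policy Objects > New in the GUI).
New-GPO -Name $GpoName -Comment 'Prevent access to the command prompt' | Out-Null

# Enable the policy. DisableCMD = 1 blocks cmd.exe and batch script processing;
# DisableCMD = 2 blocks interactive cmd.exe but still lets batch scripts run.
Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName 'DisableCMD' `
    -Type DWord -Value 1 | Out-Null

# Link the GPO to the OU ("Link an Existing GPO" in the GUI).
New-GPLink -Name $GpoName -Target $Target -LinkEnabled Yes | Out-Null

# Verify on the server: the link is present and the setting is stored in the GPO.
(Get-GPInheritance -Target $Target).GpoLinks |
    Select-Object DisplayName, Enabled, Order
Get-GPRegistryValue -Name $GpoName -Key $Key -ValueName 'DisableCMD'

# Verify on the client, signed in as a user inside the OU
# (run from PowerShell, since cmd.exe is blocked once the policy applies):
gpupdate /force
gpresult /r /scope:user
```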
CONCLUSION:
Active Directory is essential for managing user accounts, resources, and security policies within a network. Effective setup is only the beginning; ongoing maintenance and security are critical for ensuring its reliability. Adhering to best practices — such as regular backups, applying the latest updates, and enforcing strong password policies — is crucial for maintaining and securing Active Directory.
In summary, with proper setup and diligent maintenance, Active Directory serves as a vital tool for creating a secure and efficient network environment.