LabAssignment6FULLUltimateKaliLinux (docx)
School: Palm Beach State College
Course: 1712
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 11
Uploaded by CLAUDIAMESA7677
Lab Assignment #6: Ultimate Kali Linux — Chapter 10: Working with Active Directory

[Screenshot: Control Panel > All Control Panel Items > Network and Sharing Center. View your active networks: Access type: No network access; Connections: Ethernet]

[Screenshot: browser, Not secure, 192.168.42.20:3080]
Directory listing for /
Dictionaries/
Get-ComputerDetail.ps1
Get-HttpStatus.ps1
Invoke-CompareAttributesForClass.ps1
Invoke-Portscan.ps1
Invoke-ReverseDnsLookup.ps1
PowerView.ps1
README.md
Recon.psd1
Recon.psm1
Forest                  : redteamlab.local
DomainControllers       : {DC1.redteamlab.local}
Children                : {}
DomainMode              : Unknown
DomainModeLevel         : 7
Parent                  :
PdcRoleOwner            : DC1.redteamlab.local
RidRoleOwner            : DC1.redteamlab.local
InfrastructureRoleOwner : DC1.redteamlab.local
Name                    : redteamlab.local

Unicode        : @{Unicode=yes}
SystemAccess   : @{MinimumPasswordAge=1; MaximumPasswordAge=42; MinimumPasswordLength=7; PasswordComplexity=1; PasswordHistorySize=24; LockoutBadCount=0; RequireLogonToChangePassword=0; ForceLogoffWhenHourExpire=0; ClearTextPassword=0; LSAAnonymousNameLookup=0}
KerberosPolicy : @{MaxTicketAge=10; MaxRenewAge=7; MaxServiceAge=600; MaxClockSkew=5; TicketValidateClient=1}
RegistryValues : @{MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=System.Object[]}
Version        : @{signature="$CHICAGO$"; Revision=1}
Path           : \\redteamlab.local\sysvol\redteamlab.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf
GPOName        : {31B2F340-016D-11D2-945F-00C04FB984F9}
GPODisplayName : Default Domain Policy
ComputerName          GroupName
dc1.redteamlab.local  Server Operators                    Members can administer domain servers
dc1.redteamlab.local  Account Operators                   Members can administer domain user and ..
dc1.redteamlab.local  Pre-Windows 2000 Compatible Access  A backward compatibility group which al
dc1.redteamlab.local  Incoming Forest Trust Builders      Members of this group can create incom
dc1.redteamlab.local  Windows Authorization Access Group  Members of this group have access to th
dc1.redteamlab.local  Terminal Server License Servers     Members of this group can update user a
dc1.redteamlab.local  Administrators                      Administrators have complete and unrest
dc1.redteamlab.local  Users                               Users are prevented from making acciden
dc1.redteamlab.local  Guests                              Guests have the same access as members
dc1.redteamlab.local  Print Operators                     Members can administer printers install..
dc1.redteamlab.local  Backup Operators                    Backup Operators can override security

VERBOSE: [Find-DomainShare] Querying computers in the domain
VERBOSE: [Get-DomainSearcher] search base: LDAP://DC1.REDTEAMLAB.LOCAL/DC=REDTEAMLAB,DC=LOCAL
VERBOSE: [Get-DomainComputer] Get-DomainComputer filter string: (&(samAccountType=805306369))
VERBOSE: [Find-DomainShare] TargetComputers length: 3
VERBOSE: [Find-DomainShare] Using threading with threads: 20
VERBOSE: [New-ThreadedFunction] Total number of hosts: 3
VERBOSE: [New-ThreadedFunction] Total number of threads/partitions: 3
VERBOSE: [New-ThreadedFunction] Threads executing
VERBOSE: [New-ThreadedFunction] Waiting 100 seconds for final cleanup...
VERBOSE: [New-ThreadedFunction] all threads completed

Name       Type        Remark              ComputerName
ADMIN$     2147483648  Remote Admin        DC1.redteamlab.local
C$         2147483648  Default share       DC1.redteamlab.local
DataShare  0                               DC1.redteamlab.local
IPC$       2147483651  Remote IPC          DC1.redteamlab.local
NETLOGON   0           Logon server share  DC1.redteamlab.local
SYSVOL     0           Logon server share  DC1.redteamlab.local
ADMIN$     2147483648  Remote Admin        Alice-PC.redteamlab.local
C$         2147483648  Default share       Alice-PC.redteamlab.local
DataShare  0                               Alice-PC.redteamlab.local
IPC$       2147483651  Remote IPC          Alice-PC.redteamlab.local
ADMIN$     2147483648  Remote Admin        Bob-PC.redteamlab.local
C$         2147483648  Default share       Bob-PC.redteamlab.local
DataShare  0                               Bob-PC.redteamlab.local
IPC$       2147483651  Remote IPC          Bob-PC.redteamlab.local
Forest                  : redteamlab.local
DomainControllers       : {DC1.redteamlab.local}
Children                : {}
DomainMode              : Unknown
DomainModeLevel         : 7
Parent                  :
PdcRoleOwner            : DC1.redteamlab.local
RidRoleOwner            : DC1.redteamlab.local
InfrastructureRoleOwner : DC1.redteamlab.local
Name                    : redteamlab.local

VERBOSE: [Find-LocalAdminAccess] Querying computers in the domain
VERBOSE: [Get-DomainSearcher] search base: LDAP://DC1.REDTEAMLAB.LOCAL/DC=REDTEAMLAB,DC=LOCAL
VERBOSE: [Get-DomainComputer] Get-DomainComputer filter string: (&(samAccountType=805306369))
VERBOSE: [Find-LocalAdminAccess] TargetComputers length: 3
VERBOSE: [Find-LocalAdminAccess] Using threading with threads: 20
VERBOSE: [New-ThreadedFunction] Total number of hosts: 3
VERBOSE: [New-ThreadedFunction] Total number of threads/partitions: 3
VERBOSE: [New-ThreadedFunction] Threads executing
VERBOSE: [New-ThreadedFunction] Waiting 100 seconds for final cleanup...
[Screenshot: password change form. New password: password123; Repeat new password: password123]

[Screenshot: File Explorer, This PC > Downloads, showing "2021026114042 redteamlab" and a BIN file]
DB STATS
Address: bolt://localhost:7687
DB User: neo4j
Sessions: 0
Relationships: 404
ACLs: 363
Azure Relationships: 0

ON-PREM OBJECTS
Users: 0
Groups: 53
Computers: i
OUs: 0
GPOs: 0
Domains: 0
Pre-Built Analytics Queries
- Find all Domain Admins
- Find Shortest Paths to Domain Admins
- Find Principals with DCSync Rights
- Users with Foreign Domain Group Membership
- Groups with Foreign Domain Group Membership
- Map Domain Trusts
- Shortest Paths to Unconstrained Delegation Systems
- Shortest Paths from Kerberoastable Users
- Shortest Paths to Domain Admins from Kerberoastable Users
- Shortest Path from Owned Principals
- Shortest Paths to Domain Admins from Owned Principals
- Shortest Paths to High Value Targets
- Find Computers where Domain Users are Local Admin
- Find Computers where Domain Users can read LAPS passwords
- Shortest Paths from Domain Users to High Value Targets
- Find All Paths from Domain Users to High Value Targets
- Find Workstations where Domain Users can RDP
- Find Servers where Domain Users can RDP
- Find Dangerous Rights for Domain Users Groups
- Find Kerberoastable Members of High Value Groups
- List all Kerberoastable Accounts
- Find Kerberoastable Users with most privileges
- Find Domain Admin Logons to non-Domain Controllers
- Find Computers with Unsupported Operating Systems
- Find AS-REP Roastable Users (DontReqPreAuth)
[Screenshot: Windows Run dialog. Open: \\192.168.42.20]
[Screenshot: Windows Security prompt, "Enter network credentials. Enter your credentials to connect to: 192.168.42.20". Domain: REDTEAMLAB. Result: "Access is denied."]
[+] Listening for events...
[SMB] NTLMv2-SSP Client
[SMB] NTLMv2-SSP Username
[SMB] NTLMv2-SSP Hash

Recovered password: Password1
Session......: hashcat
Status.......: Cracked
Hash.Name....: NetNTLMv2
Hash.Target..: BOB::REDTEAMLAB:eec8420098a5968e:alalcdc@38fObl76d4...000000

[Screenshot: AD CS Configuration, Confirmation page]
Destination server: DC1.redteamlab.local
To configure the following roles, role services, or features, click Configure.
Active Directory Certificate Services
Certification Authority
CA Type: Enterprise Root
Cryptographic provider: RSA#Microsoft Software Key Storage Provider
Hash Algorithm: SHA256
Key Length: 2048
Allow Administrator Interaction: Disabled
Certificate Validity Period: ~ 8/22 2300 PM
Distinguished Name: CN=redteamlab-DC1-CA,DC=redteamlab,DC=local
Certificate Database Location: C:\Windows\system32\CertLog
Certificate Database Log Location: C:\Windows\system32\CertLog
SMB  192.168.42.23  445  BOB-PC    [+] redteamlab.local\bob:Password1 (Pwn3d!)
SMB  192.168.42.21  445  ALICE-PC  [+] redteamlab.local\bob:Password1 (Pwn3d!)
SMB  192.168.42.22  445  DC1       [+] redteamlab.local\bob:Password1
SMB  [*] Windows 10.0 Build 17763 x64 (name:DC1) (signing:True) (SMBv1:False)