https://tryhackme.com/room/breachingad

Task 1 - Introduction to AD Breaches

Connecting to the Network

Configure DNS by adding THMDC's IP to the DNS Network Manager > Advanced Network Configuration > Your Connection > IPv4 Settings

Untitled

Then restart the resolved service

sudo systemctl restart NetworkManager

Test the DNS by running nslookup, this should resolve to the IP of our DC

nslookup thmdc.za.tryhackme.com

If successful, we should get the output as per follow

Server:		10.200.32.101
Address:	10.200.32.101#53

Name:	thmdc.za.tryhackme.com
Address: 10.200.32.101

Task 2 - OSINT and Phishing

Task 3 - NTLM Authenticated Services

Task Files

Brute-force Login Attacks

Navigating to the URL, we can see that it prompts us for Windows Authentication credentials:

Untitled

Note: Firefox's Windows Authentication plugin is incredibly prone to failure. If you want to test credentials manually, Chrome is recommended.

Password Spraying

We can run the script using the following command: