https://tryhackme.com/room/postexploit

Task 1 - Introduction

Keywords:

Task 2 - Enumeration with Powerview

Let’s SSH into the machine and start our game:

┌──(kali㉿VirtualBox)-[~]
└─$ ssh [email protected]
[email protected]'s password: P@$$W0rd

Microsoft Windows [Version 10.0.17763.737]
(c) 2018 Microsoft Corporation. All rights reserved.

controller\administrator@DOMAIN-CONTROLL C:\Users\Administrator>powershell -ep bypass
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\Users\Administrator>

Start PowerShell with -ep bypass so that the execution policy does not stop us from running scripts:

powershell -ep bypass

Starting PowerView

. .\Downloads\PowerView.ps1

Enumerate the Domain Users

Get-NetUser | select cn

Enumerate the Domain Groups

Get-NetGroup -GroupName *admin*
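
From the defender's side, the steps above leave traces in process-creation events (ID 4688, when command-line auditing is enabled) and PowerShell script block events (ID 4104, when script block logging is enabled). The following is an added example, not part of the original walkthrough: it matches those traces over constructed sample records and rates each host. The record layout, the host FILESRV01 and backup.ps1 are assumptions made for illustration.

```python
import re

# Constructed sample records, not real logs. id 4688 = process creation
# command line, id 4104 = PowerShell script block text.
SAMPLE_EVENTS = [
    {"host": "DOMAIN-CONTROLL", "id": 4688, "text": "powershell -ep bypass"},
    {"host": "DOMAIN-CONTROLL", "id": 4104, "text": r". .\Downloads\PowerView.ps1"},
    {"host": "DOMAIN-CONTROLL", "id": 4104, "text": "Get-NetUser | select cn"},
    {"host": "DOMAIN-CONTROLL", "id": 4104, "text": "Get-NetGroup -GroupName *admin*"},
    {"host": "FILESRV01", "id": 4688,
     "text": "powershell.exe -ExecutionPolicy Bypass -File backup.ps1"},
    {"host": "FILESRV01", "id": 4104, "text": r"Get-ChildItem C:\Users"},
]

# (rule name, event id it applies to, pattern, counts as domain enumeration?)
# -ep and any prefix of -ExecutionPolicy starting with "ex" are accepted forms.
RULES = [
    ("execution-policy-bypass", 4688,
     re.compile(r"powershell(?:\.exe)?\s.*?-(?:ep|ex[a-z]*)\s+bypass\b", re.I), False),
    ("powerview-script-load", 4104, re.compile(r"\bPowerView\.ps1\b", re.I), True),
    ("domain-user-enum", 4104, re.compile(r"\bGet-NetUser\b", re.I), True),
    ("domain-group-enum", 4104, re.compile(r"\bGet-NetGroup\b", re.I), True),
]

def detect(events):
    """Return (host, rule name) for every rule an event matches."""
    hits = []
    for ev in events:
        for name, event_id, pattern, _ in RULES:
            if ev["id"] == event_id and pattern.search(ev["text"]):
                hits.append((ev["host"], name))
    return hits

def triage(events):
    """Per host: 'high' if an enumeration rule fired, 'low' if only the bypass did."""
    enum_rules = {name for name, _, _, is_enum in RULES if is_enum}
    severity = {}
    for host, name in detect(events):
        if name in enum_rules:
            severity[host] = "high"
        else:
            severity.setdefault(host, "low")
    return severity

if __name__ == "__main__":
    for host, level in triage(SAMPLE_EVENTS).items():
        print(host, level)
```

An execution-policy bypass on its own is common in administrative scripts, which is why it only rates low until it appears alongside the PowerView cmdlets on the same host.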