Vulnerable AD Plus
Vulnerable-AD-Plus
Notes
OS:
Windows AD
Technology:
IP Address:
192.168.50.10
Open ports:
53/tcp open domain
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
5985/tcp open wsman
Users and pass:
Nmap
sudo nmap -A -sV --script=default -p- -oA 192.168.50.10_nmap 192.168.50.10 ; cat 192.168.50.10_nmap.nmap | grep -E "^[0-9]{1,}/(tcp|udp)"
Ffuf
ffuf -u http://IP/FUZZ -c -w /usr/share/wordlists/dirb/big.txt -ac -recursion -recursion-depth=2 -o IP_ffuz -of all -e .php,.html,.txt,.bac,.backup,.md,.git
Privilege Escalation:
Lessons Learned