Active Directory Penetration Testing

normally covers exploiting misconfiguration within the Active Directory(AD). I’m still in the progress of learning Active Directory Penetration Testing so let learn together.

Let recap on the objective of the Penetration Testing which to find or identify any that reside within the system and application.

Phase 1: Information Gathering

The first thing that pentester will do is Information Gathering before starting to proceed with another phase in Penetration Testing.

For the phase, we will running the nmap where it will provide a few details about the server.

Other tools that we can use for this phrase might as well known as Responder. The purpose of the Responder would be to check on AD if there is misconfiguration that has been implemented. This might lead to conduct Web Proxy Auto-Discovery (WPAD) and NBT-NS poisoning in the progress.

In the new Kali 2020, there has a separate option for easier usage to the users. The user can see the option listed as been screenshot above shown.

Phrase 3: Exploitation

We will skip the process because that phrase will only focus on the result of the Phrase 1.

Read More: https://threatninja.net/active-directory-penetration-testing/