Active Directory Penetration Testing normally covers exploiting misconfiguration within the Active Directory(AD). I’m still in the progress of learning Active Directory Penetration Testing so let learn together.
Let recap on the objective of the Penetration Testing which to find or identify any vulnerabilities that reside within the system and application.
Phase 1: Information Gathering
The first thing that pentester will do is Information Gathering before starting to proceed with another phase in Penetration Testing.
For the phase, we will running the nmap tools where it will provide a few details about the server.
Other tools that we can use for this phrase might as well known as Responder. The purpose of the Responder would be to check on AD if there is misconfiguration that has been implemented. This might lead to conduct Web Proxy Auto-Discovery (WPAD) and NBT-NS poisoning in the progress.
In the new Kali Linux 2020, there has a separate option for easier usage to the users. The user can see the option listed as been screenshot above shown.
Phrase 3: Exploitation
We will skip the analysis process because that phrase will only focus on the result of the Phrase 1.