diff --git a/peh/2-lab/README.md b/peh/2-lab/README.md index 14bddb4..a44b1d9 100644 --- a/peh/2-lab/README.md +++ b/peh/2-lab/README.md @@ -27,7 +27,9 @@ > ❗ **Use it responsibly, ethically and with proper authorization for security testing!** > -### Sections +--- + +## Sections 1. [Intro to Kali Linux](kali-linux.md) 2. [Intro to Python](python.md) diff --git a/peh/3-eth-hack/README.md b/peh/3-eth-hack/README.md index 40cccf0..409c8fe 100644 --- a/peh/3-eth-hack/README.md +++ b/peh/3-eth-hack/README.md @@ -2,7 +2,7 @@ ![Phases of Ethical Hacking - InfosecTrain](.gitbook/assets/Phases-of-Ethical-Hacking.png) -**Ethical hacking**, or **penetration testing**, identifies and addresses vulnerabilities in computer systems and networks through a structured process. +➡️ **Ethical hacking**, or **penetration testing**, identifies and addresses vulnerabilities in computer systems and networks through a structured process. The five stages are: @@ -16,6 +16,8 @@ The five stages are: > > ❗ **Use these techniques responsibly, ethically and with proper authorization for security testing!** +--- + ## Sections 1. [Information Gathering](recon.md) diff --git a/peh/4-active-directory/.gitbook/assets/1NdU4kfgwv6vgWRmsCZ1BXA.png b/peh/4-active-directory/.gitbook/assets/1NdU4kfgwv6vgWRmsCZ1BXA.png new file mode 100644 index 0000000..67c1f78 Binary files /dev/null and b/peh/4-active-directory/.gitbook/assets/1NdU4kfgwv6vgWRmsCZ1BXA.png differ diff --git a/peh/4-active-directory/.gitbook/assets/ad.png b/peh/4-active-directory/.gitbook/assets/ad.png new file mode 100644 index 0000000..11f34fb Binary files /dev/null and b/peh/4-active-directory/.gitbook/assets/ad.png differ diff --git a/peh/4-active-directory/1-ad-lab.md b/peh/4-active-directory/1-ad-lab.md new file mode 100644 index 0000000..7bd018a --- /dev/null +++ b/peh/4-active-directory/1-ad-lab.md 
@@ -0,0 +1,8 @@ +# Active Directory Lab + +> **Lab Requirements** +> +> - 1 Windows Server +> - 2 Windows 10 Workstations +> - 60 GB Disk space +> - 16 GB RAM \ No newline at end of file diff --git a/peh/4-active-directory/2-ad-init-vectors.md b/peh/4-active-directory/2-ad-init-vectors.md new file mode 100644 index 0000000..fce2438 --- /dev/null +++ b/peh/4-active-directory/2-ad-init-vectors.md @@ -0,0 +1,2 @@ +# AD - Initial Attack Vectors + diff --git a/peh/4-active-directory/3-ad-enum.md b/peh/4-active-directory/3-ad-enum.md new file mode 100644 index 0000000..f689748 --- /dev/null +++ b/peh/4-active-directory/3-ad-enum.md @@ -0,0 +1 @@ +# AD - Post-Compromise Enumeration \ No newline at end of file diff --git a/peh/4-active-directory/4-ad-attacks.md b/peh/4-active-directory/4-ad-attacks.md new file mode 100644 index 0000000..8193581 --- /dev/null +++ b/peh/4-active-directory/4-ad-attacks.md @@ -0,0 +1 @@ +# AD - Post-Compromise Attacks \ No newline at end of file diff --git a/peh/4-active-directory/5-ad-adv-attacks.md b/peh/4-active-directory/5-ad-adv-attacks.md new file mode 100644 index 0000000..8193581 --- /dev/null +++ b/peh/4-active-directory/5-ad-adv-attacks.md @@ -0,0 +1 @@ +# AD - Post-Compromise Attacks \ No newline at end of file diff --git a/peh/4-active-directory/6-ad-casestudies.md b/peh/4-active-directory/6-ad-casestudies.md new file mode 100644 index 0000000..7eb3f1d --- /dev/null +++ b/peh/4-active-directory/6-ad-casestudies.md @@ -0,0 +1 @@ +# AD - Case Studies \ No newline at end of file diff --git a/peh/4-active-directory/README.md b/peh/4-active-directory/README.md index 849c812..ff00614 100644 --- a/peh/4-active-directory/README.md +++ b/peh/4-active-directory/README.md 
@@ -1 +1,125 @@ -# 4. Active Directory \ No newline at end of file +# 4. Active Directory + +![](.gitbook/assets/ad.png) + +🪟 **Active Directory** (**AD**) is a directory service developed by Microsoft for Windows domain networks. It provides directory services for managing Windows-based computers on a network. AD stores information about objects such as users, groups, computers, and other resources, and provides authentication and authorization services. + +![Active Directory - academy.hackthebox.com](.gitbook/assets/1NdU4kfgwv6vgWRmsCZ1BXA.png) + +--- + +## Physical components + +- Data store +- Domain controllers +- Global catalog server +- Read-Only Domain Controller (RODC) + + + +➡️ **Domain Controller** - a server with the [Active Directory Domain Services](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview) (**AD DS**) server role, specifically promoted to a domain controller + +- Host a copy of the AD DS directory store +- Provide authentication and authorization services +- Replicate updates to other domain controllers +- Allow administrative access to manage user accounts and network resources + + + +➡️ **AD DS Data store** - database files and processes that store and manage directory information for users, services and apps + +- Contains `Ntds.dit` file - very important file (contains password hashes, etc) + - stored in the `%SystemRoot%\NTDS` folder on all domain controllers + - accessible only through the domain controller processes and protocols + +--- + +## Logical components + +- Partitions +- Schema +- Domains +- Domain trees +- Forests +- Sites +- Organization units (OUs) + + + +➡️ **AD DS Schema** - (like a rulebook) defines every type of object that can be stored in the directory, enforces object creation and configuration rules + +- Class object - what objects can be created in the directory (user, computer, etc) +- Attribute object - information that can be attached 
to an object (display name, etc) + + + +➡️ **Domains** - used to group and manage objects in an organization + +- Administrative boundary for applying policies to groups of objects +- Replication boundary for replicating data between domain controllers +- Authentication and authorization boundary - to limit the scope of access to resources + + + +➡️ **Trees** - a hierarchy of domains in AD DS, that can + +- share a contiguous namespace with the parent domain +- can have additional child domains +- (by default) create a 2-way transitive trust with other domains + + + +➡️ **Forests** - a collection of domain trees + +- Forests share common + - schema + - configuration partition + - global catalog to enable searching +- Enable trusts between all domains in the forest +- Share the **Enterprise Admins** and **Schema Admins** groups + + + +➡️ **Organizational Units (OUs)** - AD containers that can contain users, groups, computers, other OUs + +- Represent the organization hierarchically and logically +- Manage a collection of objects in a consistent way +- Delegate permissions to administer groups of objects +- Apply policies + + + +➡️ **Trusts** - provide a mechanism for users to gain access to resources in another domain + +- All domains in a forest trust all other domains in the forest +- Trusts can extend outside the forest + +- **Directional** - the trust direction flows from trusting domain to the trusted domain + - trusting domain -> trusted domain +- **Transitive** - the trust relationship is extended to include other trusted domains + + + +➡️ **Objects** + +- User - Enables network resource access for a user +- InetOrgPerson - Used for compatibility with other directory services +- Contacts - Used primarily to assign e-mail addresses to external users; no network access +- Groups - Used to simplify the administration of access control +- Computers - Enable authentication and auditing of computer access to resources +- Printers - Simplify the process of locating 
and connecting to printers +- Shared folders - Enables users to search for shared folders based on preperties + +--- + +## Sections + +1. [Active Directory Lab](1-ad-lab.md) +1. [AD - Initial Attack Vectors](2-ad-init-vectors.md) +1. [AD - Post-Compromise Enumeration](3-ad-enum.md) +1. [AD - Post-Compromise Attacks](4-ad-attacks.md) +1. [AD - Additional Attacks](5-ad-adv-attacks.md) +1. [AD - Case Studies](6-ad-casestudies.md) + +--- + diff --git a/peh/peh-references.md b/peh/peh-references.md index dcf76c9..b749c23 100644 --- a/peh/peh-references.md +++ b/peh/peh-references.md @@ -147,6 +147,8 @@ ## Active Directory +- [Active Directory Domain Services](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview) +- [Introduction to Active Directory - HTB Academy](https://academy.hackthebox.com/module/details/74) - [PimpmyADLab](https://github.com/Dewalt-arch/pimpmyadlab) - [Building a Windows AD lab](https://ad-lab.gitbook.io/building-a-windows-ad-lab/) - [GrouppVM](https://github.com/vulfilip/grouppvm)
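Review bot: `peh/4-active-directory/1-ad-lab.md` is added without a trailing newline (`\ No newline at end of file`); add one so the next edit to its last line does not produce a noisy diff. The requirements blockquote also leaves it open whether `60 GB Disk space` and `16 GB RAM` are totals for the three VMs (`1 Windows Server` plus `2 Windows 10 Workstations`) or per machine; one clause such as "total across all VMs" would settle it.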
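Review bot: `2-ad-init-vectors.md` consists of the heading `# AD - Initial Attack Vectors` and one empty line, so the README link `[AD - Initial Attack Vectors](2-ad-init-vectors.md)` resolves to an empty page; either add a short placeholder line under the heading or hold the link until the page has content.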
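Review bot: `3-ad-enum.md` ends without a newline (`\ No newline at end of file`), and the same holds for `4-ad-attacks.md`, `5-ad-adv-attacks.md` and `6-ad-casestudies.md` in this patch; terminate these one-line files with a newline.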
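Review bot: `5-ad-adv-attacks.md` is an exact copy of `4-ad-attacks.md` (both hunks show blob `8193581`) with the heading `# AD - Post-Compromise Attacks`, but the README lists this file as `[AD - Additional Attacks](5-ad-adv-attacks.md)`; change the heading to `# AD - Additional Attacks` so the page title matches the filename and the section list.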
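Review bot: Typo in the Objects list of `peh/4-active-directory/README.md`: `preperties` should be `properties`. The `Trees` item reads "a hierarchy of domains in AD DS, that can" followed by "can have additional child domains"; drop the second `can` and the comma before `that`. The `Trusts` bullets give the direction as `trusting domain -> trusted domain` but not what it means for access; one line stating that users in the trusted domain can access resources in the trusting domain (access flows opposite to the trust arrow) would make the bullet usable. The `Ntds.dit` bullet says "very important file (contains password hashes, etc)"; say why that matters, i.e. that it is the domain credential database, which is the reason access to domain controllers must be tightly restricted. Smaller points: the logical-components list says `Organization units (OUs)` while the later heading says `Organizational Units (OUs)`, pick one; the first image `![](.gitbook/assets/ad.png)` has empty alt text while the second has a caption; and the Sections list numbers every item `1.` while `peh/2-lab/README.md` uses `1.`, `2.`, which renders fine but mixes styles across READMEs.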