Skip to content

Scope

Lab #HackSmarter #Scope

Objective: As a penetration tester on the Hack Smarter Red Team, your objective is to achieve a full compromise of the Active Directory environment.

Initial Access: A prior enumeration phase has yielded a leaked database containing user credentials (usernames and hashed passwords). This information will serve as your starting point for gaining initial access to the network.

Execution: Your task is to leverage the compromised credentials to escalate privileges, move laterally through the Active Directory, and ultimately achieve a complete compromise of the domain.

Note to user:  To access the target machine, you must add the following entries to your /etc/hosts file:

  • buildingmagic.local
  • dc01.buildingmagic.local

Leaked Database File:

id  username    full_name   role        password
1   r.widdleton Ron Widdleton   Intern Builder  c4a21c4d438819d73d24851e7966229c
2   n.bottomsworth  Neville Bottomsworth Plannner   61ee643c5043eadbcdc6c9d1e3ebd298
3   l.layman    Luna Layman Planner     8960516f904051176cc5ef67869de88f
4   c.smith     Chen Smith  Builder     bbd151e24516a48790b2cd5845e7f148
5   d.thomas    Dean Thomas Builder     4d14ff3e264f6a9891aa6cea1cfa17cb
6   s.winnigan  Samuel Winnigan HR Manager  078576a0569f4e0b758aedf650cb6d9a
7   p.jackson   Parvati Jackson Shift Lead  eada74b2fa7f5e142ac412d767831b54
8   b.builder   Bob Builder Electrician dd4137bab3b52b55f99f18b7cd595448
9   t.ren       Theodore Ren    Safety Officer  bfaf794a81438488e57ee3954c27cd75
10  e.macmillan Ernest Macmillan Surveyor   47d23284395f618bea1959e710bc68ef