
Description of the target environment:

1) Assume you have several workstations


Active Directory server (contains the domain controller) IP: 172.16.2.168
Windows 7 (considered as the client machine) IP: 172.16.2.169

Let's join my client to Active Directory (domain called rwanda.com)

active directory

server ip

2) One of the workstations called WS1


Let's create a user and give it a username and password on the Active Directory server

The user logs in with their own credentials, depending on the domain

client ip

1) Describe Active Directory environment and authentication method of users
and computers.
What is Active Directory?
Active Directory (AD) is a directory service that Microsoft developed for Windows
domain networks. It is included in most Windows Server operating systems as a set of
processes and services. Initially, Active Directory was only in charge of centralized
domain management.
A server running Active Directory Domain Services (AD DS) is called a domain
controller. It authenticates and authorizes all users and computers in a Windows
domain type network, assigning and enforcing security policies for all computers
and installing or updating software.
For example, when a user logs into a computer that is part of a Windows domain,
Active Directory checks the submitted password and determines whether the user is
a system administrator or normal user.
Active Directory is a service provided by Microsoft that stores information
about items on a network so the information can be easily made available to specific
users through a logon process and network administrators.
Active Directory Domain Services is Microsoft's directory server. It provides
authentication and authorization mechanisms as well as a framework within which
other related services can be deployed (AD Certificate Services, AD Federation
Services, etc.).
How does Active Directory work?

Active Directory performs a variety of tasks which include providing information
on objects such as hardware and printers and services for the end users on the
network such as Web email and other applications.
Network Objects: Network objects are anything that is associated with the
network such as a printer, end user applications, and security applications that
are implemented by the network administrator. Network objects can also
contain additional objects within their file structure which are identified by a
folder name. Each object has its own unique identification by the specific
information that is contained within the object.

Schemas: Since network objects each have their own identification which is
also known as a characterization schema, the type of identification is the
determining factor as to how each object will be used on the network.

Hierarchy: The hierarchical structure determines how each object can be viewed
within the hierarchy which consists of three different levels which are known
as a forest, tree, and domain with the forest being the highest level that allows
the network administrator to see all of the objects in the active directory. The
trees are the second level of the hierarchy each of which can hold multiple
domains.
How an Active Directory is Used
Active Directories are used by network administrators to simplify network
maintenance processes within a large organization. Instead of having to perform
updates manually, a network administrator can update one object in a single process.

Active Directories are also used by network administrators to allow or deny end
users access to specific applications through the trees in the network. Additionally,
they are used to keep a large network organized and maintained without having to
perform each task through an individual process.

Authentication
Authentication is the process of determining whether someone or something is, in
fact, who or what it is declared to be.
Authentication is used by a server when the server needs to know exactly who
is accessing its information or site.
Authentication is used by a client when the client needs to know that the server
is the system it claims to be.
In authentication, the user or computer has to prove its identity to the server or
client.
Usually, authentication by a server entails the use of a user name and password.
Other ways to authenticate can be through cards, retina scans, voice
recognition, and fingerprints.
Authentication by a client usually involves the server giving a certificate to the
client in which a trusted third party such as Verisign or Thawte states that the
server belongs to the entity (such as a bank) that the client expects it to.
Authentication does not determine what tasks the individual can do or what
files the individual can see. Authentication merely identifies and verifies who
the person or system

2) Describe your attack plan and tools in detail


Let's show the attack plan
The attacker's objective is to attack the organization's Active Directory.
He first attacks the group of users that are connected to Active Directory and from
there gets access to Active Directory itself. With that access he can change the
credentials of all users that are connected to Active Directory.


Tools used
=> Kali Linux, using
Metasploit & msfvenom

The process of how to inject the malware into the victim machine

3) Describe in detail each step of the attack

creating -> listening -> infecting
it is, we need to set up the LHOST and LPORT to make this exploit
work. My IP address is 172.16.2.88 so I set the LHOST to
that IP, and I want to set the LPORT to 443 so I will receive
the connection from the victim on port 443 if the exploit succeeds.

Run msfconsole

Here there is a virus hidden in VLC; when the user installs this vlcv2 the attacker
gets Meterpreter directly

/home/sam/active directory.docx

Set LHOST and set LPORT, then exploit

Here the system information is shown

Let's start by showing the processes on the user machine after getting Meterpreter

Let's show the username of this client connected to the domain

Let's use the different possibilities for privilege escalation

Check the username

Let's use mimikatz for the purpose of dumping the password in plain text

My attack is done: as you see, I got the password of the user joined to the domain
and I got the password of the server as Administrator

Here I have all the privileges

The last step: I'm going to attack the server because I have privileges


Exploit SMB; let's do a possible attack

Let's exploit

Show system information

Here I can upload virus.bat to the server

Let me show the users again using cmd

Let's run post to check the number of users and their password hashes

Let's enable Remote Desktop on the server; as you see, it is Disabled

Let's make it enabled. Wow!!! It is enabled

Remote Desktop doesn't work because
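
The steps above leave traces a defender can look for. The following is an added example, not part of the original report: it classifies constructed, Sysmon-style records for three of the stages described (the connection from vlcv2 to the LHOST on port 443, the credential dump, and the Remote Desktop change) and flags the workstation where the first two coincide. The record layout, the user1 path and the stage labels are assumptions.

```python
import ipaddress

# Constructed, simplified records (not real log exports). Keys are assumptions
# modelled on Sysmon event IDs 3 (network), 10 (process access), 13 (registry set).
EVENTS = [
    {"id": 3, "host": "172.16.2.169", "image": r"C:\Users\user1\Downloads\vlcv2.exe",
     "dst_ip": "172.16.2.88", "dst_port": 443},
    {"id": 3, "host": "172.16.2.169", "image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "172.16.2.168", "dst_port": 443},
    {"id": 10, "host": "172.16.2.169", "image": r"C:\Users\user1\Downloads\vlcv2.exe",
     "target": r"C:\Windows\System32\lsass.exe"},
    {"id": 10, "host": "172.16.2.169", "image": r"C:\Windows\System32\wininit.exe",
     "target": r"C:\Windows\System32\lsass.exe"},
    {"id": 13, "host": "172.16.2.168",
     "target": r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections",
     "details": "DWORD (0x00000000)"},
]
KNOWN_SERVERS = {"172.16.2.168"}           # the lab's domain controller
USER_WRITABLE = ("\\users\\", "\\temp\\")  # paths an ordinary user can write to

def classify(ev):
    """Return a stage label for a suspicious event, or None for benign ones."""
    image = ev.get("image", "").lower()
    if ev["id"] == 3:
        peer = ipaddress.ip_address(ev["dst_ip"])
        if (any(p in image for p in USER_WRITABLE) and peer.is_private
                and ev["dst_ip"] not in KNOWN_SERVERS):
            return "outbound-session-to-internal-peer"
    elif ev["id"] == 10:
        if (ev["target"].lower().endswith("\\lsass.exe")
                and not image.startswith("c:\\windows\\system32\\")):
            return "lsass-memory-access"
    elif ev["id"] == 13:
        if (ev["target"].lower().endswith("\\terminal server\\fdenytsconnections")
                and ev["details"].endswith("(0x00000000)")):
            return "rdp-enabled"
    return None

def detect(events):
    """Return (host, stage) pairs in the order the events arrived."""
    return [(ev["host"], s) for ev in events if (s := classify(ev))]

def credential_theft_hosts(findings):
    """Hosts showing both the callback and the LSASS read: highest priority."""
    by_host = {}
    for host, stage in findings:
        by_host.setdefault(host, set()).add(stage)
    need = {"outbound-session-to-internal-peer", "lsass-memory-access"}
    return sorted(h for h, s in by_host.items() if need <= s)
```
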

4) Describe the challenges you ran into and how you overcame them

Let's talk about challenges


- The first challenge was hiding the virus in VLC media using Shellter; it was the first time for me.
- The second is related to rdesktop: when I run it, it shows the error: CredSSP:Initialize failed, do you have correct kerberos tgt initialized
