Active Directory
Overview
What is Active Directory?
Directory service developed by Microsoft to manage Windows domain networks
Stores information related to objects, such as:
Computers, Users, Printers
AD is like a phone book for Windows
Authenticates using Kerberos tickets
Non-Windows devices, such as Linux machines and firewalls, can authenticate via RADIUS or LDAP
Physical Active Directory Components
Domain Controller (DC)
A server with the Active Directory Domain Service (AD DS) server role installed that has been specifically promoted to DC
Jobs:
Host a copy of the AD DS directory store
Provide authentication and authorization services
Replicate updates to other DCs in the domain and forest
Allow administrative access to manage user accounts and network resources
AD DS Data Store
Contains the database files and processes that store and manage directory information for users, services, and applications
Consists of the ntds.dit file
Stores all the domain users' hashes
Is stored by default in the %SYSTEMROOT%\NTDS folder on all domain controllers
Is accessible only through the domain controller processes and protocols
Logical Active Directory Components
AD DS Schema
Defines every object that can be stored in the directory
Enforces rules regarding object creation and configuration
Object Types:
Class Object
What object can be created in the directory
ex: Users, Computers
Attribute Object
Information that can be attached to an object
ex: Display Name
Domains
Used to group and manage objects in an organization
An administrative boundary for applying policies to groups of objects
A replication boundary for replicating data between DCs
An authentication and authorization boundary that provides a way to limit the scope of access resources
Attacking Active Directory Strategies
Begin the day with responder or mitm6
Run scans to generate traffic
Look for websites in scope
Look for default creds on web logins
printers, jenkins, routers, etc.
Think outside of the box and enumerate everything