Attacktive Directory ~ Write-up
Attacktive Directory: Mm0 Write-up: Michael N Mm0 https://tryhackme.com/r/room/attacktivedirectory Scanning: Scanning the specific ports that I am interested in. Enumerate SMB port 445 List share with smbclient: no password prompt list shares.. but the Anonymous login worked but the workgroup isnʼt available. Enumerate SMB I will use enum4linux/smbclient to enumerate smb on port 445 Using crackmapexec to brute force RID The Guest user was disabled probably because tools like enum4linux likes to abuse the guest account to enumerate. SMB 10.10.76.106 445 ATTACKTIVEDIREC 498: THM-AD\\Enterprise Read-only Domain Controllers (SidTypeGroup) SMB 10.10.76.106 445 ATTACKTIVEDIREC 500: THM-AD\\Administrator (SidTypeUser) SMB 10.10.76.106 445 ATTACKTIVEDIREC 501: THM-AD\\Guest (SidTypeUser) SMB 10.10.76.106 445 ATTACKTIVEDIREC 502: THM-AD\\krbtgt (SidTypeUser) SMB 10.10.76.106 445 ATTACKTIVEDIREC 512: THM-AD\\Domai