Posts

Showing posts from 2017

Pentest Home Lab - 0x3 - Kerberoasting: Creating SPNs so you can roast them

TL;DR: There are a lot of great blogs out there that show you how to Kerberoast. In this post, I'm going to walk through the process of setting up your lab so that you can practice this attack. This involves creating a domain user and then mapping a SPN to that account. After that, I'll walk through using Empire to launch Invoke-Kerberoast, and I'll crack the hashes offline with Hashcat.

Pentest Home Lab Recap

If you don't already have an Active Directory lab and want to build one so that you can play along, check out my previous posts:

Pentest Home Lab - 0x0 - Building A Virtual Corporate Domain
Pentest Home Lab - 0x1 - Building Your AD Lab on AWS
Pentest Home Lab - 0x2 - Building Your AD Lab on Premises using Proxmox VE

The Attack: Kerberoasting

Attack Goals

Domain privesc & lateral movement. If you have domain credentials and access to the domain, this is a relatively easy way to gain additional access within the domain. If all goes well, you

Pentest Home Lab - 0x2 - Building Your AD Lab on Premises

In Pentest Home Lab - 0x0 - Building a virtual corporate domain, we talked about why you would want to build your own AD pentest lab, where you can build it, and the pros and cons of each option. In Pentest Home Lab - 0x1 - Building Your AD Lab on AWS, we walked through setting up a fully functional home lab in AWS. In this third installment, I'm going to walk through setting up a pentest Active Directory home lab in your basement, closet, etc. I'll be using Proxmox VE, an open source virtualization environment (aka hypervisor) similar to VMware ESXi or Citrix Xen.

The series so far:

Pentest Home Lab - 0x0 - Building A Virtual Corporate Domain (This post)
Pentest Home Lab - 0x1 - Building Your AD Lab on AWS
Pentest Home Lab - 0x2 - Building Your AD Lab on Premises using Proxmox VE
Pentest Home Lab - 0x3 - Kerberoasting: Creating SPNs so you can roast them

Table of Contents

What are we going to build?
Example server specs
Let's talk about networ

Pentest Home Lab - 0x1 - Building Your AD Lab on AWS

In Pentest Home Lab - 0x0 - Building a virtual corporate domain, we talked about why you would want to build your own AD pentest lab, where you can build it (cloud vs on-premises options), and the pros and cons of each option. This post covers building your lab on AWS. Even if you have a lab at home, setting up a small second home lab on AWS is a worthwhile exercise. You'll learn a lot about AWS in the process.

The series so far:

Pentest Home Lab - 0x0 - Building A Virtual Corporate Domain (This post)
Pentest Home Lab - 0x1 - Building Your AD Lab on AWS
Pentest Home Lab - 0x2 - Building Your AD Lab on Premises using Proxmox VE
Pentest Home Lab - 0x3 - Kerberoasting: Creating SPNs so you can roast them

Table of Contents

What are we going to build?
Creating your AWS instances
Instance #1: This will be the Domain Controller
Instance #2: This will be Workstation01
Disable IE Enhanced Security Configuration
Instances #3 & #4 (Optional)
Create security