BuildingMagic | Cracking Hashes, Kerberoasting, ForceChangePassword, NetNTLMv2 Capture, SeBackupPrivilege
Overview

BuildingMagic is an Easy machine from HackSmarter that starts with cracking hashes from a leaked database file, then using the newfound credentials to abuse misconfigurations in Active Directory. After some Kerberoasting, a ForceChangePassword, and using the ntlm_theft tool, you’ll end up abusing SeBackupPrivilege for root.

Objective & Scope

Objective: As a penetration tester on the Hack Smarter Red Team, your objective is to achieve a full compromise of the Active Directory environment.

Initial Access: A prior enumeration phase has yielded a leaked database containing user credentials (usernames and hashed passwords). This information will serve as your starting point for gaining initial access to the network.

Execution: Your task is to leverage the compromised credentials to escalate privileges, move laterally through the Active Directory, and ultimately achieve a complete compromise of the domain.

Needed /etc/hosts entries:

ip dc01.buildingmagic.local...




