In this offensive security challenge, the attacker gains access to a domain controller called BABY2 with the help of exploitation frameworks and tooling such as Metasploit, BloodHound and Burp Suite.
After initial access, the attacker enumerates domain users, locates sensitive files over SMB with smbclient, abuses a Group Policy Object (GPO) to create a new administrator account, and finally dumps that account's password hash with the impacket-secretsdump utility in Kali Linux.
This post also discusses some errors encountered during the attack and their resolutions.
To obtain a reverse shell as the newly created administrator account, the attacker serves nc.exe to the target from a Python HTTP server and runs it from there.
The post ends with the output of a few commands on the newly accessed machine that confirm the attacker's administrative privileges.