{"id":1217,"date":"2024-12-14T07:28:56","date_gmt":"2024-12-14T07:28:56","guid":{"rendered":"https:\/\/hackmybox.com\/?p=1217"},"modified":"2025-09-08T16:28:27","modified_gmt":"2025-09-08T16:28:27","slug":"active-directory-enumeration-attacks","status":"publish","type":"post","link":"https:\/\/hackmybox.com\/index.php\/2024\/12\/14\/active-directory-enumeration-attacks\/","title":{"rendered":"Active Directory Enumeration &amp; Attacks"},"content":{"rendered":"<div class=\"vce-row-container\" data-vce-boxed-width=\"true\"><div class=\"vce-row vce-row--col-gap-30 vce-row-equal-height vce-row-content--top\" id=\"el-41e94c7a\" data-vce-do-apply=\"all el-41e94c7a\"><div class=\"vce-row-content\" data-vce-element-content=\"true\"><div class=\"vce-col vce-col--md-auto vce-col--xs-1 vce-col--xs-last vce-col--xs-first vce-col--sm-last vce-col--sm-first vce-col--md-last vce-col--lg-last vce-col--xl-last vce-col--md-first vce-col--lg-first vce-col--xl-first\" id=\"el-a76914ff\"><div class=\"vce-col-inner\" data-vce-do-apply=\"border margin background  el-a76914ff\"><div class=\"vce-col-content\" data-vce-element-content=\"true\" data-vce-do-apply=\"padding el-a76914ff\"><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-7c548d46\" data-vce-do-apply=\"all el-7c548d46\"><h3 style=\"text-align: center;\"><span style=\"color: #00ff00;\"><strong>(Insights from HTB Academy)<\/strong><\/span><\/h3><h2><span style=\"color: #00ff00;\">Part 1: LLMNR\/NBT-NS Poisoning<\/span><\/h2><p>Securing Active Directory (AD) is crucial for safeguarding a network's identity management system, which organizes and manages <span style=\"color: #00ff00;\">users, computers, and resources<\/span>. 
AD security involves practices like restricting user access through<span style=\"color: #00ff00;\"> least privilege, enforcing Group Policies,<\/span> and conducting routine audits and monitoring of network activities.<\/p><p>Ensuring secure communication between AD components, applying security patches, and maintaining proper network segmentation are vital for protection. Regular updates and <span style=\"color: #00ff00;\">vulnerability assessments<\/span> are essential to address potential security gaps.<\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-36779cf3\" data-vce-do-apply=\"all el-36779cf3\"><p>Responder is a tool for poisoning network name-resolution protocols and capturing the authentication hashes sent by hosts that accept its spoofed answers, a Man-in-the-Middle technique. It displays messages about what it intercepts, such as <span style=\"color: #00ff00;\">LLMNR<\/span> and <span style=\"color: #00ff00;\">NBT-NS<\/span> requests and captured <span style=\"color: #00ff00;\">NTLM hashes<\/span>.<\/p><ol><li>First, run the command: <span style=\"color: #00ff00;\">sudo responder -I ens224<\/span><\/li><\/ol><p><span style=\"color: #00ff00;\">-I ens224:<\/span> This specifies the network interface (ens224) that Responder will listen on.
You should replace ens224 with the actual interface name on your system (you can find the interface name using the ifconfig or ip a command).<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-e2b1f56f\" data-vce-do-apply=\"all el-e2b1f56f\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 70.7031%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"724\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/responder-1024x724.png 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/responder-320x226.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/responder-480x339.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/responder-800x566.png 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/responder-1024x724.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/responder.png\" data-attachment-id=\"1224\"  alt=\"\" title=\"responder\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-c64db003\" data-vce-do-apply=\"all el-c64db003\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 70.7031%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"724\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hash-1024x724.png 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hash-320x226.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hash-480x339.png 480w, 
https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hash-800x566.png 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hash-1024x724.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hash.png\" data-attachment-id=\"1225\"  alt=\"\" title=\"hash\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-32abfdd4\" data-vce-do-apply=\"all el-32abfdd4\"><p><span style=\"color: #00ff00;\">2.<\/span> Save the hash to a text file using the <span style=\"color: #00ff00;\">cat<\/span> command.<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-2eb69a9b\" data-vce-do-apply=\"all el-2eb69a9b\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 11.8164%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"121\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/cat-e1734071865799-1024x122.jpg 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/cat-e1734071865799-320x38.jpg 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/cat-e1734071865799-480x57.jpg 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/cat-e1734071865799-800x95.jpg 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/cat-e1734071865799-1024x122.jpg\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/cat-e1734071865799.jpg\" data-attachment-id=\"1226\"  alt=\"\" title=\"cat\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-6873fd06\" data-vce-do-apply=\"all el-6873fd06\"><p><span style=\"color: 
#00ff00;\">3.<\/span> Use Hashcat by entering the command: <span style=\"color: #00ff00;\">hashcat -m 5600 hash.txt rockyou.txt<\/span>.<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-65e2c9da\" data-vce-do-apply=\"all el-65e2c9da\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 53.6133%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"549\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hashcat3-1024x550.png 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hashcat3-320x172.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hashcat3-480x258.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hashcat3-800x430.png 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hashcat3-1024x550.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/hashcat3.png\" data-attachment-id=\"1235\"  alt=\"\" title=\"hashcat3\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-ca9639a2\" data-vce-do-apply=\"all el-ca9639a2\"><p><span style=\"color: #00ff00;\">-m 5600:<\/span> Specifies the hash mode, with 5600 corresponding to the NTLMv2 hash type, used in Microsoft Windows for network authentication. This tells Hashcat to crack NTLMv2 hashes.<\/p><p><span style=\"color: #00ff00;\">hash.txt:<\/span> The input file containing NTLMv2 hashes (one per line) that you want to crack.<\/p><p><span style=\"color: #00ff00;\">rockyou.txt:<\/span> The wordlist used for the attack, containing millions of common passwords. 
Hashcat will hash each word in this list using NTLMv2 and compare it to the hashes in hash.txt.<\/p><p><span style=\"color: #00ff00;\">Process:<\/span> Hashcat compares each hashed word from rockyou.txt with the hashes in hash.txt. If a match is found, it reveals the corresponding plaintext password.<\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-5e395fea\" data-vce-do-apply=\"all el-5e395fea\"><p><span style=\"color: #00ff00;\">4.<\/span> If you're using a Windows machine, you can use a PowerShell script, <span style=\"color: #00ff00;\">Inveigh<\/span>, to obtain the same results.
See the download link below:<\/p><p>https:\/\/github.com\/Kevin-Robertson\/Inveigh\/blob\/master\/Inveigh.ps1<\/p><p><span style=\"color: #00ff00;\">5.<\/span> Import the module &amp; run it using the syntax below:<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-66657fa6\" data-vce-do-apply=\"all el-66657fa6\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 713px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 65.3576%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"713\" height=\"466\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/Inveigh-4-e1735804602423-320x209.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/Inveigh-4-e1735804602423-480x314.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2025\/09\/Inveigh-4-e1735804602423-713x466.png 713w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2025\/09\/Inveigh-4-e1735804602423-713x466.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/Inveigh-4-e1735804602423.png\" data-attachment-id=\"1252\"  alt=\"\" title=\"Inveigh\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-71273846\" data-vce-do-apply=\"all el-71273846\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 724px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 54.0055%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"724\" height=\"391\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/Inveigh2-320x173.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/Inveigh2-480x259.png 480w,
https:\/\/hackmybox.com\/wp-content\/uploads\/2025\/09\/Inveigh2-724x391.png 724w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2025\/09\/Inveigh2-724x391.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/12\/Inveigh2.png\" data-attachment-id=\"1247\"  alt=\"\" title=\"Inveigh2\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-d0f8570e\" data-vce-do-apply=\"all el-d0f8570e\"><p>For more details, see the links below:<\/p><p><a href=\"https:\/\/attack.mitre.org\/techniques\/T1557\/001\/\">https:\/\/attack.mitre.org\/techniques\/T1557\/001\/<\/a><\/p><p><a href=\"https:\/\/tcm-sec.com\/llmnr-poisoning-and-how-to-prevent-it\">https:\/\/tcm-sec.com\/llmnr-poisoning-and-how-to-prevent-it<\/a><\/p><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>(Insights from HTB Academy) Part 1: LLMNR\/NBT-NS Poisoning. Securing Active Directory (AD) is crucial for safeguarding a network&#8217;s identity management system, which organizes and manages users, computers, and resources. AD security involves practices like restricting user access through least privilege, enforcing Group Policies, and conducting routine audits and monitoring of network activities. Ensuring secure communication between AD components,
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2009,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","site-transparent-header":"default","prose-style":"enable","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[18],"tags":[],"class_list":["post-1217","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory"],"_links":{"self":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/1217","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/comments?post=1217"}],"version-history":[{"count":32,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/1217\/revisions"}],"predecessor-version":[{"id":2068,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/1217\/revisions\/2068"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/media\/2009"}],"wp:attachment":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/media?parent=1217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/categories?post=1217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmybox.com\/inde
x.php\/wp-json\/wp\/v2\/tags?post=1217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}