Corporate Espionage
Description:
You have been hired as a penetration tester for a large corporation. Your task is to find vulnerabilities in their network and report them to the company so that they can fix them. The network consists of the following systems:
1 Linux machine that acts as a mail server with a vulnerable mail administration app
1 Linux machine that runs a web server that hosts a vulnerable application
8 Windows 10 machines that are joined to an Active Directory domain
1 Windows Server that serves as the domain controller for the entire network and manages the Active Directory environment
Objective:
The objective of this challenge is to compromise the domain controller and establish persistence in the network.
Hints:
Start by exploiting the vulnerability in the mail administration app on the first Linux machine
Use the compromised Linux machine to gather information about the network and the other machines
Try to find a way to pivot from the compromised Linux machine to one of the Windows 10 machines
Once you have access to a Windows 10 machine, try to escalate your privileges and compromise the domain controller
Finally, establish persistence in the network to ensure that you can continue to access it even after a reboot
Scoring:
Exploiting the vulnerability in the mail administration app (100 points)
Compromising one of the Windows 10 machines (200 points)
Compromising the domain controller (500 points)
Establishing persistence in the network (1000 points)
Step by Step Attack Scenario:
Conduct reconnaissance on the network and identify the first Linux machine that acts as the mail server
Find the vulnerability in the mail administration app on the Linux machine
Exploit the vulnerability to gain access to the Linux machine
Use the compromised Linux machine to gather information about the network and the other machines
Try to pivot to one of the Windows 10 machines by exploiting a vulnerability or using stolen credentials
Use the compromised Windows 10 machine to gather information about the domain and try to escalate your privileges using techniques such as password spraying, pass-the-hash, or exploiting a privilege escalation vulnerability
Once you have administrative access to a Windows 10 machine, try to compromise the domain controller using techniques such as exploiting a vulnerability, stealing credentials, or using pass-the-ticket
Finally, establish persistence in the network by creating a back door, deploying a persistent payload, or adding a user to the domain administrators group
Final Note:
The challenge is set up in a simulated environment and does not reflect any real-world network setup.
The challenge is for educational purposes only and should not be used for malicious activities
Last updated