Member-only story

HTB AD Track: Active Walkthrough

Param Dave
4 min readJan 22, 2024

--

Hello Everyone!! As I continue my hacking journey in 2024, I have started working on machines in HackTheBox platform that focus on Active Directory Penetration Testing.

Here’s my writeup for the machine Active.

Let’s start scanning and enumeration using Nmap.

Command: nmap -sS -T4 -A -p- -oA <output_file> <target-ip>

-sS: TCP SYN Scan

-T4: Faster scan time

-A: Enables OS and version detection, scans ports using common nmap scripts for specific vulnerabilities and performs traceroute.

-p-: Scan all 65535 ports

-oA: Save scan in 3 file formats (.nmap, .xml, .gnmap)

<output_file>: Replace with a file name of your choice

<target-ip>: Replace with the given IP address of the target machine

Following ports and services are discovered:

Output of Nmap Scan

Begin port-by-port enumeration.

Port 53: No results found using nslookup or dnsrecon.

Port 135: msrpc anonymous login allowed but unable to use any of the commands.

Port 445: Run enum4linux and we find a…

--

--

Param Dave
Param Dave

No responses yet