Solving Game of Active Directory (GOAD) by Orange Cyberdefense Part-1
crackmapexec smb live_hosts
smb signing is disabled and version 1 is enabled for some hosts.
Domains identified:
sevenkingdoms.local
essos.local
Enumerating smb shares:
We found that Guest access is allowed for smbshare βallβ on 192.168.56.22(CASTELBLACK) machine.
Upon checking this share we found it is empty. But we had write permissions.
smbclient //192.168.56.22/all -U "test"
Enumerating valid users from a list of potential users.
curl -s https://www.hbo.com/game-of-thrones/cast-and-crew | grep 'href="/game-of-thrones/cast-and-crew/'| grep -o 'aria-label="[^"]*"' | cut -d '"' -f 2 | awk '{if($2 == "") {print tolower($1)} else {print tolower($1) "." tolower($2);
} }' > got_users.txt
nmap -p 88 --script=krb5-enum-usersβ¦