Solving Game of Active Directory (GOAD) by Orange Cyberdefense Part-1

n00πŸ”‘
3 min readOct 11, 2023
crackmapexec smb live_hosts

smb signing is disabled and version 1 is enabled for some hosts.

Domains identified:

sevenkingdoms.local
essos.local

Enumerating smb shares:

We found that Guest access is allowed for smbshare β€œall” on 192.168.56.22(CASTELBLACK) machine.

Upon checking this share we found it is empty. But we had write permissions.

smbclient //192.168.56.22/all -U "test"

Enumerating valid users from a list of potential users.

curl -s https://www.hbo.com/game-of-thrones/cast-and-crew | grep 'href="/game-of-thrones/cast-and-crew/'| grep -o 'aria-label="[^"]*"' | cut -d '"' -f 2 | awk '{if($2 == "") {print tolower($1)} else {print tolower($1) "." tolower($2);
} }' > got_users.txt


nmap -p 88 --script=krb5-enum-users…

--

--

n00πŸ”‘
n00πŸ”‘

Written by n00πŸ”‘

Computer Security Enthusiast. Usually plays HTB (ID-23862). https://www.youtube.com/@pswalia2u https://www.linkedin.com/in/pswalia2u/ Instagram @pswalia4u

No responses yet