Lab 315 LDAP Enumeration zdp PDF

Title Lab 315 LDAP Enumeration zdp
Author Zachary Powers
Course  Computer Networks
Institution Texas A&M University-Corpus Christi
Pages 12
File Size 951.2 KB
File Type PDF

Summary

ldap enumeration ...


Description

Lab 3.1.5 LDAP Enumeration

Introduction

During this phase of attack, we will capture credentials in transit over the network. This will simulate a Man-in-the-Middle attack. We will take those captured credentials and crack them. We will use the compromised credentials to explore LDAP.

Objective

Implement MITM attack and capture credentials. Compromise the credentials and enumerate LDAP.

Legal Disclaimer: Attacking systems you do not have permission to attack is illegal. Only perform attacks on machines and networks you own or have permission for. The primary intent of this Lab is to demonstrate how network security and various protection methods can be circumvented by exploiting methods and techniques. While possession of information or tools used violates no laws, actually using or implementing them may violate Federal Law. Information provided herein is only for Educational and Research purposes. Techniques and tools introduced in this lab may not be used by you or any other party for any purpose that violates any local, state, federal or foreign law. Breaking into any network or computer system not owned by you may be illegal.

Equipment/Resources/Supplies Needed

● Virtual Environment (provided by Instructor)

Course Outcome(s)

CO4 [WECM]: Use relevant tools to assure security requirement

Assignment

Enumerate LDAP environment.

Procedure

Note: Some information gathered will be duplicated by the various tools/techniques – use this to verify/confirm findings. Remember to record any output/data/screenshots that may be useful later for an assessment report.


The following is the IP address block of the target organization: 197.28.10.10-197.28.10.160

1. To get started, access the ITSY-2359 Kali VM. (Starting MITM attack)
   a. Type “responder -h” in the Kali terminal. (We will be using options -wrf or -w -r -f. We need to understand what the tool will do.)

   Question 1: Define what these options will do.
   - -w, turns on or off WPAD rogue proxy server
   - -r, enables answers for netbios wredir suffix queries.
   - -f will turn fingerprint off

   b. Type “clear” in the Kali terminal.
   c. Type “responder -I eth0 -wrf” and leave Responder running in the Kali terminal.

2. Simulate the process as a victim.
   a. Log into the Windows 10 AD with:
      Username: administrator
      Password: password
   b. Open File Explorer and enter in the address bar \\letmein and press Enter.
   c. Provide the Windows login credentials used to log into Windows 10 AD and press Enter. (You will receive an error that the share cannot be found.)

3. Compromising captured credentials.
   a. Go back to ITSY-2359 Kali and note the information obtained by Responder.
   b. Type “Ctrl + C” to stop Responder.

4. Finding the location Responder stores the captured hashes.
   a. Open File Manager and locate: /usr/share/responder/logs/SMB-NTLMv2-SSP-197.28.10.201.txt (This will be the file that contains the hash(es) captured.)

5. Finding the location of the wordlist we will use with John to attempt a dictionary attack.
   a. Open File Manager and locate: /usr/share/wordlists/rockyou.txt (This is a file containing possible passwords used in a dictionary attack.)

6. Using John to crack the captured hash.
   a. Open a terminal in Kali.
   b. Type “john /usr/share/responder/logs/SMB-NTLMv2-SSP-197.28.10.201.txt --wordlist=/usr/share/wordlists/rockyou.txt”
   c. Take note of the username and password provided from John.

7. LDAP Enumeration with JXplorer.
   a. Open a new terminal in Kali and type “jxplorer”. The following screen will open:

   b. Click on the connect button which is circled above.
   c. On the popup screen, enter the IP Address of Host (197.28.10.200) and change the drop box from “Anonymous” to “User + Password”.
   d. Input the credentials of:
      Username: HackMe\administrator
      Password: password
      Click “OK”

8. Setting up JXplorer to explore LDAP of HackMe domain.
   a. Change the Quick Search to read as follows: “cn >= HackMe”
   b. Click to highlight the domain “HackMe” and press Enter.
   c. The following screen will be presented if performed correctly:
   d. Click “OK”.
   e. The following screen should be displayed showing the enumeration of LDAP:


Question 2: List all users from the Users OU:

Question 3: List all computer accounts from Wembley Stadium OU:

Question 4: List the name of the Domain Controller(s):

Question 5: List the computer(s) in the Computers OU: Win 10
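
A defender's view of steps 1 to 3, as an added example that is not part of the original lab: the \\letmein lookup gets an answer only because Responder replies to name queries that no real host owns, so a host that answers a lookup for a name known not to exist is suspect. The sketch assumes LLMNR (DNS wire format over UDP 5355) as the protocol being answered; the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a host name as DNS labels (LLMNR reuses the DNS wire format)."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_message(txid, name, response=False, addr=None):
    """Build a constructed LLMNR query or response for the sample data below."""
    flags = 0x8000 if response else 0            # QR bit is set on responses
    msg = struct.pack("!HHHHHH", txid, flags, 1, 1 if addr else 0, 0, 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)        # QTYPE=A, QCLASS=IN
    if addr:                                     # one A record as the answer
        msg += encode_name(name) + struct.pack("!HHIH", 1, 1, 30, 4)
        msg += bytes(int(octet) for octet in addr.split("."))
    return msg

def parse_message(data):
    """Return (is_response, question_name, answer_count), or None if malformed."""
    if len(data) < 12:
        return None
    flags, qdcount, ancount = struct.unpack("!HHH", data[2:8])
    if qdcount != 1:
        return None
    labels, pos = [], 12
    while pos < len(data):
        length, pos = data[pos], pos + 1
        if length == 0:
            return bool(flags & 0x8000), ".".join(labels), ancount
        if length > 63 or pos + length > len(data):
            return None                          # pointer or truncated label
        labels.append(data[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return None                                  # name was never terminated

def find_poisoners(packets, canaries):
    """Map each source IP to the canary names it claimed to resolve."""
    hits = {}
    for src, payload in packets:
        parsed = parse_message(payload)
        if parsed and parsed[0] and parsed[2] > 0 and parsed[1] in canaries:
            hits.setdefault(src, set()).add(parsed[1])
    return hits

# Constructed capture of (source IP, UDP payload); documentation addresses only.
SAMPLE = [
    ("192.0.2.10", build_message(0x1A2B, "letmein")),                      # client asks
    ("192.0.2.66", build_message(0x1A2B, "LETMEIN", True, "192.0.2.66")),  # bogus answer
    ("192.0.2.20", build_message(0x3C4D, "fileserver", True, "192.0.2.20")),
]
```

Calling `find_poisoners(SAMPLE, {"letmein"})` flags only 192.0.2.66; the answer for "fileserver" is ignored because that name is not in the canary set.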


Report Template

Reconnaissance Activity Report

(1) Purpose

To see how the lack of network security can allow a remote hacker to get into a system and potentially bring down a single computer or the whole network and gain access to potentially cause harm to an organization.

(2) Tool Name(s)/Descriptions

Kali – JXplorer - open source LDAP browser
John – password cracker
Responder – quick credential cracker to potentially gain remote access

(3) Security Status

The Windows 10 AD system is Highly Vulnerable

(4) Supporting evidence

Using tools in Kali allowed me to remotely access the Windows 10 AD. If this was a real-world scenario, having access to the Active Directory information I could possibly inject malware or other types of viruses to bring down the organization's network and information infrastructure.

(5) Recommendation(s)/Countermeasure(s)

Enforce Password length with a minimum of at least 10 characters, where the password expires after 180 days.

Passwords must have a combination of Upper Case, Lower Case, Numbers, and one special character.

Admin Accounts need to have a minimum password length of 16 characters, where the password expires after 180 days.

Only give accounts as much access as they need to be productive at their job; if Billy is a sales rep, he shouldn’t have access to Active Directory.

Tools/Methodologies

(1) What is the purpose of this exercise?

To see how the lack of network security can allow a remote hacker to get into a system and potentially bring down a single computer or the whole network and gain access to potentially cause harm to an organization.

(2) List the tool(s) used to conduct your assessment. Provide a brief description of the tool(s) and its purpose [Why use this tool?].

Kali –
JXplorer - open source LDAP browser
John – password cracker
Responder – quick credential cracker to potentially gain remote access

Assessment

(3) What is your overall assessment of how secure this system is, based on your ability to identify the network addresses, operating systems, and ports/services running?

Highly Vulnerable

Findings

(4) Provide evidence statement to substantiate your claim [what were you able to do?]

Provide summarized findings or relevant screenshots to support your evidence statement [back up what you are saying – what were you able to discover?]

Using tools in Kali allowed me to remotely access the Windows 10 AD. If this was a real-world scenario, having access to the Active Directory information I could possibly inject malware or other types of viruses to bring down the organization's network and information infrastructure.

Recommendations

(5) Provide a recommendation/countermeasure that specifically addresses the issue(s) noted that can be implemented to reduce impact to system. [Note: ‘fix the problem identified’ or saying that something needs to be done by someone else is not a recommendation for the issues noted]

Enforce Password length with a minimum of at least 10 characters, where the password expires after 180 days. Passwords must have a combination of Upper Case, Lower Case, Numbers, and one special character.

Admin Accounts need to have a minimum password length of 16 characters, where the password expires after 180 days.

Only give accounts as much access as they need to be productive at their job; if Billy is a sales rep, he shouldn’t have access to Active Directory.


Grading Rubric

Columns: Exemplary (5), Accomplished (3), Developing (1), Beginning/Incomplete (0), Score

Purpose/Scope (Demonstrate ability to identify the essential question, issue, and/or problem)

Exemplary (5): Scope/Purpose is clear and unambiguous. The topic or meaning of the document is clear and well supported by detailed information.
Accomplished (3): Scope/Purpose Statement(s) lacks some precision and clarity or is missing a key point/element.
Developing (1): The document provides a minimal explanation to reader about its meaning/purpose.
Beginning/Incomplete (0): No evidence or materials are incomplete. Statements do little to demonstrate even a rudimentary understanding of problem or issues.

Tools/Methodologies (Demonstrate the ability to gather data relevant to the essential question, issue, and/or problem)

Exemplary (5): Tools and methods used are listed with a clear description of purpose in the assessment process.
Accomplished (3): Tools and methods used, but description is lacking in clarity as to the purpose in the assessment process.
Developing (1): Not all tools and methods or lack a clear description as to their purpose in the assessment process.
Beginning/Incomplete (0): No evidence or materials are incomplete; Document demonstrates no evidence of searching for and selecting data to answer question/issue.

Data Summarization/Analyses

Exemplary (5): Data is summarized appropriately (graphs, tables) to reflect noted deficiencies and issues. Relevant screenshots to demonstrate system issue are provided.
Accomplished (3): Analysis is basic or general. Data is lacking or not properly summarized to reflect deficiencies/findings properly. Some additional relevant screenshots are provided.
Developing (1): Analysis is vague or not evident. Limited or missing summarization of data. Limited or no mention of key deficiencies or issues are addressed. No screenshots provided.
Beginning/Incomplete (0): No evidence or materials are provided or incomplete.

Assessment (Demonstrate the ability to recognize and evaluate assumptions, major alternative points of view and related theories, principles, and ideas relevant to the question, issue, and/or problem)

Exemplary (5): A clear statement of the overall assessment is provided. Fully developed and supported conclusions are provided that reflect specific findings noted, and interpretations of results. Evidence is provided to substantiate statement.
Accomplished (3): A statement of the overall assessment is provided but is lacking in substantiating statement(s). Some evidence on which conclusions are based are provided but lacks proper interpretation.
Developing (1): Ambiguous, illogical, or unsupportable conclusion derived from findings. Position not clearly articulated. Does not provide adequate supporting arguments, evidence, examples and/or details in support of conclusion.
Beginning/Incomplete (0): No evidence or materials are incomplete; No conclusion was apparent.

Recommendation (Demonstrate the ability to develop informed conclusions/solutions)

Exemplary (5): Recommendations are relevant, and specifically address the issues noted in assessment with details and supporting arguments.
Accomplished (3): Recommendations are relevant and logical but lack depth/details in specifically addressing the assessment/issues noted.
Developing (1): Recommendations are inconsistent and not based on or support the findings or assessment.
Beginning/Incomplete (0): No evidence or materials are incomplete; Document provides recommendations that do not meet, nor address, the problem/issue.

Communication in Written Form/Professional Appearance (Demonstrate the ability to communicate any or all parts of the above process in written or oral form)

Exemplary (5): Document is well-written in proper English and effectively communicates ideas. Contains no errors in grammar, punctuation, capitalization & spelling. Good transitions between paragraphs. The document adheres to a specific format standard and is well constructed and neat.
Accomplished (3): Document mostly written in proper English and somewhat effectively communicates ideas. Contains some minor errors in grammar, punctuation, capitalization & spelling. Transitions easy to follow. Almost all the document adheres to a specific format standard. Almost all document is well constructed and neat.
Developing (1): Document does not properly convey or communicate ideas clearly. Contains some minor errors in grammar, punctuation, capitalization & spelling. Transitions between topics awkward and hard to follow. Most of the document adheres to a specific format standard. There are several errors in formatting. Does not look neat.
Beginning/Incomplete (0): No evidence or materials are incomplete; Work poorly written. Contains numerous grammar, punctuation, capitalization & spelling errors.

Content Knowledge

Exemplary (5): Student fully meets/exceeds assignment expectations and presents a clear and specific understanding of the competency. Submission demonstrates that the author fully understands and has applied concepts learned in the course.
Accomplished (3): Student meets assignment expectations. Submission demonstrates that the author, for the most part, understands and has applied concepts learned in the course.
Developing (1): Student does not meet assignment expectations. Submission does not demonstrate that the author has fully understood and applied concepts learned in the course.
Beginning/Incomplete (0): No evidence or materials are incomplete.

Score (Points Earned/35)* 100:
