Exploiting with BloodHound and Mimikatz
In this lab, you’ll practice exploiting Active Directory (AD) using BloodHound and Mimikatz. When you’re finished, you’ll have the skills to identify AD vulnerabilities, gather data with BloodHound, and understand the pass-the-hash attack using Mimikatz.

Table of Contents
-
Challenge
Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
-
Challenge
Configuring BloodHound and Collecting AD Data
As part of your role as a penetration tester at Globomantics, you need to analyze the Active Directory environment to uncover potential security weaknesses. BloodHound has already been set up by a fellow team member, so your first task is to access and configure it. Afterward, you'll install and run SharpHound on the Active Directory Domain Controller to collect detailed information about the AD environment. This information will help you map out relationships, permissions, and potential attack paths within Globomantics' AD infrastructure using BloodHound.
-
Challenge
Analyzing AD Data in BloodHound
With the data collected using SharpHound, you will now analyze the Active Directory environment using BloodHound. The information you've gathered includes user relationships, group memberships, and privilege levels. Your goal is to identify critical attack paths that could allow an attacker to move laterally within the network or escalate privileges. This analysis will help you pinpoint the most vulnerable aspects of Globomantics' AD infrastructure, providing insights into how an attacker might exploit these weaknesses.
-
Challenge
Exploiting AD with Mimikatz
After identifying potential security gaps in the Globomantics Active Directory environment using BloodHound, you'll act as a penetration tester and use Mimikatz on the compromised Windows client to extract NTLM hashes, which will allow you to authenticate as another system without needing its password. Specifically, you will execute a pass-the-hash attack to gain unauthorized access to the Domain Controller, demonstrating how an attacker could escalate privileges and move laterally within the network.
-
Challenge
The Last Challenge
Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.