
Recovering Active Directory

Premium room

Learn basic techniques to recover an AD in case of compromise.

medium

240 min

2,219


In the previous room, we covered the basics of implementing group policies and the least-privilege model. In this room, we will focus on Active Directory vulnerabilities, methods for recovering a compromised Active Directory domain controller, and preventive measures that reduce the chance of a repeat compromise. We will also discuss the Active Directory red architecture, operating system hardening, and the benchmarks defined for the server environment.

Learning Objectives
The topics that we will cover in this room include:
  • Immediate actions after infection
  • Identifying attack patterns and how to locate an infection vector
  • Basic recovery process
  • Common misconfigurations by domain administrators
  • Post-recovery steps
Prerequisites
We recommend going through the Windows Hardening room to develop a solid understanding of Windows protection architecture.  

Connecting to the Machine
We will use a Windows Server 2019 machine acting as the compromised domain controller throughout the room. We assume that the attackers somehow gained access to the domain controller on Apr 10, 2023, and are now creating additional accounts, modifying group policies, and disrupting essential services on our network. The credentials to access the machine are listed below:

  • IP: MACHINE_IP
  • Username: THM\Administrator
  • Password: recover@123

You can access the VM by clicking Start Lab Machine. The machine will start in a split-screen view. If the VM is not visible, use the blue Show Split View button at the top-right of the page. Alternatively, you can access the VM through Remote Desktop using the above credentials.
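Once connected, the first thing a responder wants is a quick inventory of what changed since the assumed compromise date. The following PowerShell is an added example, not part of the room's material; it assumes the ActiveDirectory and GroupPolicy modules are present (they are on a domain controller) and uses 2023-04-10 as the pivot date stated above. The `$Since` variable, the function names and the list of privileged groups are choices made for this example.

```powershell
# Added example (not from the room): first-pass triage on the compromised DC.
# Assumes RSAT AD and GroupPolicy modules (present on a DC) and the room's
# stated compromise date of 2023-04-10. Run from an elevated PowerShell session.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$Since = Get-Date '2023-04-10'

# 1. Accounts created or changed on or after the compromise date.
#    AD filters accept PowerShell variables directly, so $Since is expanded.
function Get-RecentAccountChanges {
    Get-ADUser -Filter 'whenCreated -ge $Since -or whenChanged -ge $Since' `
               -Properties whenCreated, whenChanged, Enabled, LastLogonDate |
        Select-Object SamAccountName, Enabled, whenCreated, whenChanged, LastLogonDate |
        Sort-Object whenCreated -Descending
}

# 2. Current (recursive) membership of the high-value groups an attacker
#    would add a backdoor account to. Group list is an example choice.
function Get-PrivilegedMembers {
    $Groups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
    foreach ($g in $Groups) {
        Get-ADGroupMember -Identity $g -Recursive |
            Select-Object @{ n = 'Group'; e = { $g } }, SamAccountName, objectClass
    }
}

# 3. Group Policy Objects modified since the compromise date.
function Get-RecentGpoChanges {
    Get-GPO -All |
        Where-Object { $_.ModificationTime -ge $Since } |
        Select-Object DisplayName, ModificationTime, Owner, GpoStatus |
        Sort-Object ModificationTime -Descending
}

# 4. Services set to start automatically that are not running; a cheap way
#    to spot deliberately disrupted services (StartType needs PowerShell 5+).
function Get-StoppedAutoServices {
    Get-Service |
        Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' } |
        Select-Object Name, DisplayName, Status
}

# 5. Security log events since the compromise date that record account
#    creation (4720) and additions to security groups (4728, 4732, 4756).
function Get-AccountEvents {
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4720, 4728, 4732, 4756
        StartTime = $Since
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

'== Accounts created/changed since {0:d} ==' -f $Since
Get-RecentAccountChanges | Format-Table -AutoSize
'== Privileged group membership =='
Get-PrivilegedMembers | Format-Table -AutoSize
'== GPOs modified since {0:d} ==' -f $Since
Get-RecentGpoChanges | Format-Table -AutoSize
'== Automatic services not running =='
Get-StoppedAutoServices | Format-Table -AutoSize
'== Account/group change events since {0:d} ==' -f $Since
Get-AccountEvents | Format-Table -AutoSize
```

Treat this output as a starting point rather than a verdict: an attacker with domain admin rights can clear the Security log, so an empty event list is itself a finding, and the AD timestamps (whenCreated, whenChanged) are the more reliable record of account changes because they cannot be edited through normal administrative interfaces.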

Let's begin.
Answer the questions below
I can connect to the machine.

What is the flag value after connecting to the machine?