Getting into Active Directory

go back / p4p1


Created on Fri. 05 Feb 2021


ad logo

I am not the one to promote Microsoft but I will be honest hacking Windows is where my entire love for hacking started. My first PC was a Windows 8 and when I updated to Windows 8.1 the hard drive corrupted itself. Since I never used Windows on a daily basis. I first tried AD with the Throwback certification that I did a blog post about. Throughout this certification I was complexly lost but that is why I recently wanted to give AD an other shot and it was so fun to setup I had to write a post about it.

If you wish to follow along you will need a few things to start creating your AD environment. Note that the different configurations are not to be followed if you wish to create a secure environment there are a few holes that I am leaving on purpose to train my hacking skills.

  • Virtual Box
  • Windows 10 server
  • Windows 10 enterprise

Creating the network

Inside of virtual box there is an awesome feature where you can create an internal network for multiple virtual machines. We will be using this feature to have all of the virtual machines linked together. To open this you can do the keyboard combination CTRL+H or just open it through the menu File>Host Network Manager.

crackme radare2 analyze

You now have to click on Create to create a new network pretty simple you will then need to define the IP Address of your host computer and the network mask. I chose a network setup similar to a home network with the range 192.168.2.0/24 and a network mask of 255.255.255.0. You then need to disable DHCP, we will have everything static inside of the network just for consistency.

crackme radare2 analyze

Now we have setup the network we can start setting up the machines.

The Domain Controller

To create the Domain Controller it is pretty straight forward start by creating the virtual machine here is a quick video on how to do it:

After creating the virtual machine you need to go inside of the settings of the machine and edits it's network interfaces adding a new interface. This network interface needs to be attached to Host-only and you need to select the correct Name under it so that it is contained inside of the correct network.

crackme radare2 analyze

Now that we have added the network we can install the Operating System on the machine. Get the copy of windows server and run through the installation. Here is a quick video of the different steps I followed.

The first thing to do now that you have installed the server is to set it up so that it can communicate inside of the network we previously created. Navigate to Control Panel>Network And Internet>Network and Sharing Center here you should see a network card named Ethernet 2. That is what we want to edit navigate to it's IPV4 settings inside of Proprieties.

crackme radare2 analyze

This is how the network card should be configured. Now we need to change the name of the PC to match the Active Directory network before we start. To do that just search "PC Name" inside of the windows search bar and you will be able to edit that. Me I chose BIGBROTHER-DC your computer will restart after that. After that the computer rebooted and you are inside of the Server Manager we can start installing Active Directory.

From here we now want to configure our Domain Controller to do so we will navigate to the flag at the top left and click on Promote this server to Domain Controller. In the following image I messed up I didn't install the correct service but the button should be located in the same area.

crackme radare2 analyze

After that we will want to configure our forest, to do so you should follow these steps:

  1. Add a new forest (I named my root node BILLYGOAT.local)
  2. Put a password (I chose the same as the admin password)
  3. On the third page there is nothing to configure, just press next
  4. In the NetBIOS page you should see the same name as provided in the first step
  5. On the fifth page there is nothing to configure, just press next
  6. On the sixth page there is nothing to configure, just press next
  7. The Prerequisites check will take a while but when it's finished click on install

After all of this configuration you should reboot. After that you should follow the same steps as above where we installed the domain controller but now we want to install "Active Directory Certificate Services". After that exactly the same as the Domain Controller steps you will want to click on the flag and click on Configure Active Directory Certificates Services and follow those steps:

  1. On the first page there is nothing to configure, just press next
  2. Check the Certification Authority checkbox
  3. On the second page there is nothing to configure, just press next
  4. On the third page there is nothing to configure, just press next
  5. On the fourth page there is nothing to configure, just press next
  6. For the Validity Period you can put how many years you want if you think of reusing this in the future just put 99Years
  7. On the sixth page there is nothing to configure, just press next

Now just press the Configure button and the domain controller should be all set!

Adding Users

Inside of the Domain Controller navigate to Tools then Active Directory Users and Computers. Inside of this prompt click on your domain name then Users. If we right click in users there should be a New prompt with written "User" and that is what you should click to create a new User.

Creating a Client Machine

We will now focus on creating a client machine, to do so we will take our copy of Windows 10 Enterprise and Install it on a new virtual machine. Do not forget to add the second network adapter exactly like we did inside of the Domain Controller. After the installation and setup of the machine we can configure the ipv4 address of the second adapter exactly like before the only difference is that instead of using 8.8.8.8 as our IP address for the DNS service we want to input the IP address of the Domain Controller the Domain Controller will be the DNS server of the network. After configuring the IP addresses we have to connect the machine to the network to do so Navigate to the bottom search bar and search for domain it should show you the following:

crackme radare2 analyze

You will then want to click on Access work or school You will then want to click on Connect Here you will have the option to Join this device to a local Active Directory Domain here you will enter the Domain Controller name for example BILLYGOAT.local you will then be prompted to enter the domain Admin Username and Password.


Now this should be it you can have fun configuring your network the way you want to and start messing around with different programs like responder for example. Thank you for reading this blog post took a long time to write and I hope that you read the others that I wrote :)