Simulating penetration testing in the lab environment
Now that our lab environment in Azure has been set up successfully, we can perform the penetration testing simulation to verify that everything has been configured correctly. As in the previous chapters, we will work with a simplified penetration testing process, since our primary goal is to assess whether the penetration testing lab environment has been set up and (mis)configured correctly.
Our simulation will start with a port scan to check the open ports of one of the target Windows VM instances (ad-domain-controller). We will then use ldapsearch to retrieve the domain name (domain.local) that’s used in our Active Directory setup. Next, we will use Kerbrute to enumerate valid usernames along with brute-forcing the password of one of the enumerated user accounts (johndoe). Using the domain (domain.local) along with the credentials of the johndoe account, we will use Impacket to obtain the service_account account...