1

I have set up a domain testing environment on a couple of old computers that i had lying around at home. I have done a lot of information gathering and attempts at exploiting the machines via Metasploit, exploit-db exploits and multiple other surfaces such as mimkatz hash passing, golden tickets etc. However, i just cannot seem to ever be able to get any luck.

The DC is set up as a windows 2008 server sp2 fully updated, to be realistic. I have physical access to the machine obviously but, I was wondering if anyone could provide me with some guidance as to what i should be doing and where i need to be focusing when it comes to gaining Domain Admin level Credentials.

Just a small personal project of mine however would love if someone could help me out.

Cheers

user3801447
  • 31
  • 2
  • Welcome to InfoSec! This question really boils down to "How do I exploit a Windows 2008 server?" which is just too broad a topic. I would start looking at vulnerabilities that effect that OS. Even googling that question came up with lots of different links ([one of them](http://www.securitytube.net/video/5035)). If you run into an issue that you don't understand when using a specific vulnerability/exploit then you'll be able to come back and write a better question. – RoraΖ Apr 16 '15 at 11:28
  • so yeah as @raz says, bit of a broad topic. However if you have a default W2K8 with no additional services, it's unlikely you'll get any easy exploits on it. I'd recommend looking for known vulnerable test systems to practice on rather than starting with what might be a hard target. – Rory McCune Apr 16 '15 at 12:50

0 Answers0