Orange-Cyberdefense / GOAD

game of active directory
GNU General Public License v3.0

[mindmaps] find user list anonymously #81

Closed Peppy99999 closed 1 year ago

Peppy99999 commented 1 year ago

Hi,

I would like to have more information about this part of the LAB:
https://mayfly277.github.io/posts/GOADv2-pwning-part2/

It said that this part is done anonymously (no credentials); however, it is necessary to have a user/password to get results for these commands:

image

In your writeup, you have results without the user/password parameters.

image

On my side, I need to fill in these parameters or I don't have any results:

crackmapexec smb 192.168.1.12 -u "khal.." -p "ho.." --users

Is something missing on my side, or is it not an anonymous enumeration?

Mayfly277 commented 1 year ago

This enumeration is anonymous on 192.168.56.11 (winterfell). This enumeration is not anonymous on meereen or braavos. I added the anonymous RPC enumeration vulnerability on purpose (see here: https://github.com/Orange-Cyberdefense/GOAD/blob/main/ad/sevenkingdoms.local/data/config.json#L311) because you can find this on very old DC configurations.

maycon commented 1 year ago

Hi,

I can't enumerate the users on WINTERFELL either: image

But the anonymous logon seems to be enabled: image

Of course I tried passing the empty arguments: image

Appreciate any help.

Mayfly277 commented 1 year ago

Hi, please reboot winterfell. I bet it will be ok after a reboot ;)

maycon commented 1 year ago

It works. Thank you, @Mayfly277. :-)