Open in app

Sign in

Write

Sign in

Member-only story

THM - Attacktive Directory

Francesco Pastore
5 min readApr 3, 2025

A writeup for the room Attacktive Directory on TryHackMe

99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?

Attacktive Directory

99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?

tryhackme.com

Task 3 - Welcome to Attacktive Directory

What tool will allow us to enumerate port 139/445?

It’s a popular tool used for enumeration of Windows systems.

What is the NetBIOS-Domain Name of the machine?

It can be found with the tool mentioned in the previous answer, or by running a script scan with nmap.

nmap -A MACHINE_IP

What invalid TLD do people commonly use for their Active Directory Domain?

The answer is the last part of the AD domain given in the task description.

Task 4 - Enumerating Users via Kerberos

--

--

Francesco Pastore
Francesco Pastore

Written by Francesco Pastore

145 followers
65 following

An engineering student in Milan and a web developer for an IT company. Write about programming and cybersecurity topics.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech