Hack The Box - Cascade: An Active Directory Penetration Test

Derick Neriamparambil
Jul 25, 2020

Cascade is a Windows machine that was just retired. It runs Active Directory, which we will try to penetrate to gain administrator privileges.

Let's begin with the nmap scan:

sudo nmap -sS -sV

After the nmap enumeration, I decided to try LDAP enumeration using ldapsearch:

ldapsearch -x -b "dc=CASCADE, dc=local" -h

From this enumeration, I found a few usernames and something interesting on the r.thompson user.

We got a password

Let's try to decode it.

Here I used an online tool to decode it.
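Seen from the defender's side, the finding above is a credential stored in a user attribute that an LDAP query can read. The following added example (not part of the original write-up) audits ldapsearch LDIF output for such attributes; the name pattern, the benign list, and the sample entries are assumptions constructed for illustration.

```python
import re

# Attribute names that suggest a stored credential (assumed pattern; tune per directory).
SUSPECT = re.compile(r"(pwd|pass|secret|cred)", re.IGNORECASE)
# Standard AD attributes that match the pattern but hold counters or timestamps.
BENIGN = {"pwdlastset", "badpwdcount", "badpasswordtime", "pwdhistorylength",
          "minpwdlength", "maxpwdage", "minpwdage", "pwdproperties"}

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; handles folded lines and comments."""
    # RFC 2849: a line starting with one space continues the previous line.
    text = re.sub(r"\r?\n ", "", text)
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            value = value.lstrip(":").strip()  # "::" marks a base64 value in LDIF
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn:
            yield dn, attrs

def audit(text):
    """Return sorted (dn, attribute) pairs where a credential-like attribute has a value."""
    findings = []
    for dn, attrs in parse_ldif(text):
        for name, values in attrs.items():
            if SUSPECT.search(name) and name.lower() not in BENIGN and any(values):
                findings.append((dn, name))
    return sorted(findings)

# Constructed sample: entries, attribute name and value are placeholders, not from the box.
SAMPLE = """\
dn: CN=Alice Example,OU=Users,DC=example,DC=local
pwdLastSet: 132230718862636251
badPwdCount: 0

dn: CN=Bob Example,OU=Users,DC=example,DC=local
exampleLegacyPwd: PLACEHOLDER-VALUE
description: migrated
 account
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any attribute it reports should be cleared or moved to a proper secret store, and its read ACL checked against what an unauthenticated or low-privileged bind can see.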