The Auror Project
Challenge - 2: Crown Jewel Analysis
This challenge is all about users and groups in an Active Directory network. We need to create a number of users and groups, then add the users to their respective groups. All of this can be done through either the GUI or the CLI. In this write-up, I’ll perform everything using the GUI.
If you are already familiar with creating users and adding them to groups, the whole challenge should take barely 15 minutes.
The Task
The Task includes 3 machines:
- The Domain Controller
- The Crown Jewel Server
- Your own machine
The task is divided into 2 phases:
Phase-1:
Create and distribute the following security groups:
- “Server Administrators” - Local Administrator on Crown Jewel - 5 Members
- “Server Maintenance” - RDP Rights - 5 Members - 2 Members are Server Administrators
- “Helpdesk Admins” - Local Administrator on Your Own Machine - 5 Members
- “Domain Admins” - 5 Members
- “Exchange Admins” - Local Administrator on Domain Controller - 5 Members
In total there will be 5 Groups and 23 Users.
Phase-2:
In Phase-2, we need to perform some detections.
- Gather the count of administrators on the Crown Jewel Machine and Domain Controller. Detect when the number changes.
- Detect when a computer account is added to any of the created domain security groups.
- Detect a change to the Domain Admins group membership and alert in Slack
- Detect when a helpdesk admin is also a server administrator
- Detect an attempt to spray passwords using user attributes.
Phase-1:
Steps to Create a new Local User on Server
- Go to Server Manager
- Click on Tools and select Computer Management
- Under System Tools, click on Local Users and Groups
- Double Click on Users Folder
- Right Click and Select New User
- Enter all the details and click on Create
Steps to Create a new Group on Server
- Go to Server Manager
- Click on Tools and select Computer Management
- Under System Tools, click on Local Users and Groups
- Click on the Groups folder
- Right Click and Select New Group
- Enter all the details, add the members and click on Create
Steps to Create a new Local User on Standard Windows
- Go to Control Panel
- Select User Accounts, then User Accounts again
- Select Manage Another Account
- Click on Add a new user in PC settings
- Under Other Users, click on Add someone else to this PC
- In the Microsoft Account Prompt, click “I don’t have this person’s sign-in information”
- In the next prompt, click “Add a user without a Microsoft account”
- Enter all the required information and click create.
- Once the account is created, select the account and change the Account Type to Administrator.
Creating Local Administrators
- Go to Server Manager
- Click on Tools and select Computer Management
- Under System Tools, click on Local Users and Groups
- Click on the Groups folder
- Right-click the Administrators group and select Properties
- Under Members, click on Add
- Set Location to the machine name and click OK
- Click Apply and then OK
Giving Users RDP Rights
- Go to Server Manager
- Click on Tools and select Computer Management
- Under System Tools, click on Local Users and Groups
- Click on the Groups folder
- Right-click Remote Desktop Users and select Properties
- Under Members, click on Add
- Set Location to the machine name and click OK
- Click Apply and then OK
Creating Users in Active Directory
- Go to Server Manager
- Click on Tools and Select Active Directory Users and Computers
- Under the domain name, select Users
- Right Click and Select New and then User
- Enter the required details
- Click Next, Enter Password and OK
Creating Domain Admins
- Go to Server Manager
- Click on Tools and Select Active Directory Users and Computers
- Under the domain name, select Users
- Double click on Domain Admins Group
- Go to the Members Tab and Click Add
- Enter the required details and click OK
Users Created
| Crown Jewel | User Machine | Domain Controller |
|---|---|---|
| john | rocky | rambo |
| jack | ron | addy |
| emma | jeff | tench |
| elizabeth | kevin | jackson |
| samuel | mary | drake |
| goblin | | louis |
| dobby | | jimmy |
| rick | | tony |
| | | sammy |
| | | michael |
Groups and their Members
Crown Jewel Server
| Server Administrator | Server Maintenance |
|---|---|
| john | john |
| jack | jack |
| emma | goblin |
| elizabeth | dobby |
| samuel | rick |
User Machine
| Helpdesk Administrator |
|---|
| rocky |
| ron |
| jeff |
| kevin |
| mary |
Domain Controller
| Domain Admins | Exchange Admins |
|---|---|
| rambo | louis |
| addy | jimmy |
| trench | tony |
| jackson | sammy |
| drake | michael |
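
The Active Directory steps from Phase-1 can also be scripted. The following is an added example, not part of the original write-up: a PowerShell version of "Creating Users in Active Directory" and "Creating Domain Admins" for the Domain Controller groups, ending with a membership summary to review. Assumptions: it runs on the domain controller with the ActiveDirectory module available, and "Local Administrator on Domain Controller" is implemented by nesting the group into the built-in Administrators group.

```powershell
# Added example, not the author's script. Run on the domain controller in an
# elevated session; needs the ActiveDirectory module (RSAT / AD DS role).
Import-Module ActiveDirectory

# Group -> members, from the "Domain Controller" table on this page. The page
# spells one user "tench" and "trench"; the "Users Created" spelling is used.
$groups = [ordered]@{
    'Domain Admins'   = 'rambo', 'addy', 'tench', 'jackson', 'drake'
    'Exchange Admins' = 'louis', 'jimmy', 'tony', 'sammy', 'michael'
}

# Typed at the prompt so no password is stored in the script.
$initialPassword = Read-Host -AsSecureString -Prompt 'Initial password for new users'

foreach ($groupName in $groups.Keys) {
    # "Domain Admins" is built in; "Exchange Admins" has to be created first.
    if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
        New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security
    }
    $current = @(Get-ADGroupMember -Identity $groupName).SamAccountName
    foreach ($name in $groups[$groupName]) {
        if (-not (Get-ADUser -Filter "SamAccountName -eq '$name'")) {
            New-ADUser -Name $name -SamAccountName $name -Enabled $true `
                -AccountPassword $initialPassword -ChangePasswordAtLogon $true
        }
        if ($name -notin $current) {   # Add-ADGroupMember errors on existing members
            Add-ADGroupMember -Identity $groupName -Members $name
        }
    }
}

# Assumption: a domain controller has no local SAM, so "local administrator on
# the Domain Controller" is granted through the built-in Administrators group.
$builtinAdmins = @(Get-ADGroupMember -Identity 'Administrators').SamAccountName
if ('Exchange Admins' -notin $builtinAdmins) {
    Add-ADGroupMember -Identity 'Administrators' -Members 'Exchange Admins'
}

# Summary to review: member count per group and any computer accounts in it.
foreach ($groupName in $groups.Keys) {
    $members = @(Get-ADGroupMember -Identity $groupName)
    [pscustomobject]@{
        Group     = $groupName
        Count     = $members.Count
        Members   = ($members.SamAccountName | Sort-Object) -join ', '
        Computers = (($members | Where-Object objectClass -eq 'computer').Name) -join ', '
    }
}
```

The Domain Admins count includes any accounts that were already members before the script ran, such as the built-in Administrator.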