Understanding Active Directory Attacks the Easiest Way 2.0 (for a 10-year-old Kid)

kashish topiwala
5 min read · Feb 13, 2023

Understanding the Active Directory easiest way 1.0

As promised, here you go: demystifying common Active Directory attack concepts. The only prerequisite is a good imagination ;)

Image Source: https://cybergladius.com/ad-hardening-against-kerberos-golden-ticket-attack/

LLMNR Poisoning Attack🧪

Imagine you have a secret treasure box and you want to keep it safe from people who might try to steal it. To do this, you tell your friend to keep an eye on the box and make sure only you can open it.

Now, imagine there’s a bad person who wants to steal your treasure. They pretend to be your friend and trick your real friend into giving them the key to the box. Now, the bad person can open the box and take your treasure!

This is similar to what happens in an “LLMNR poisoning attack”. LLMNR (Link-Local Multicast Name Resolution) is like the secret code that helps computers find and talk to each other on a network. In this type of attack, the hacker tricks the network into thinking their computer is the computer you want to talk to, and then they can spy on the information you’re sending and receiving. It’s like they stole the key to the secret code and now they can listen in on all your conversations: a Man-in-the-Middle attack.

SMB Relay Attack🔁

Imagine you’re playing a game with your friends and you’re all taking turns to play. But one of your friends is cheating and is trying to pretend to be someone else in the game to get an advantage. That’s kind of like what an SMB relay attack is.

In the computer world, when a computer wants to talk to another computer, it uses something called SMB (Server Message Block) protocol. This is like a language they both speak to send messages back and forth. An attacker can trick one computer into thinking they’re another computer it trusts and steal information like passwords and whatnot.

So in an SMB relay attack, the attacker pretends to be someone else, like in the game, to steal information and do things they shouldn’t be able to do.

Kerberoasting🎫

Kerberos is like a bouncer at a party who makes sure that only the right people get in and only they can talk to each other.

Let’s say you want to play a game with your friend, who lives in a different house. You both have to be in the same game room to play together.

Kerberos acts as the bouncer at the game room door. Before you can get in and play with your friend, you have to tell the bouncer who you are and show him your invitation (kind of like a password).

Once the bouncer knows it’s really you, he gives you a ticket that lets you into the game room. Your friend also has to go through the same process to get his ticket. Now that you both have tickets, you can finally play the game together. But what if someone else tries to pretend they’re you or your friend and tries to join the game? The bouncer won’t let them in because they don’t have the right ticket.

This is how the Kerberos Authentication protocol works with computers on a network. When a computer wants to access a resource, like a file or a website, it has to prove who it is to the Kerberos “bouncer” (which is actually a network server). If the computer is allowed, the bouncer gives it a ticket that lets it access the resource. This helps keep the network secure and makes sure that only the right computers can access the resources they’re supposed to.

IPv6 Attack

Okay, so now you have a big giant house and you put your address on the outside so that your friends can come and visit you. Computers also have addresses. These addresses help computers find and talk to each other on the internet. In the old days, computers used a type of address called IPv4, but now there is a newer type of address called IPv6. IPv6 addresses are bigger and have more numbers than IPv4 addresses.

Just like how a thief might steal your house address and pretend to be you to trick your friends, some bad people can also trick computers by pretending to be a different computer.

An IPv6 Active Directory attack is when a bad person tries to trick a computer into thinking that they are the Active Directory, which is like the boss of a group of computers in a network. By tricking the computer, the bad person can get access to sensitive information and do harmful things.

Token Impersonation 🍪

Tokens are like cookies for our computer. Okay, back to the imagination now.

Picture a scenario where you and your friends play dress-up, where you each take turns wearing someone else’s clothes and pretending to be them. In the same way, an attacker can pretend to be someone else in the computer world by using a special code called a “token.” This is called a “Token Impersonation Attack.”

An attacker can trick the computer into thinking they are someone with a lot of important power, like a teacher or a boss. With this fake power, the attacker can do things they shouldn’t be able to do, like looking at secret files or sending harmful messages to others.

Golden Ticket🎫 and Silver Ticket📃

Last Imagination, I promise. Imagine that you and your friends have a clubhouse where you all keep your most valuable toys and secrets. The clubhouse has a secret code that only members know, and the code changes every day.

In a Golden Ticket attack, a hacker pretends to be the leader of the club and creates a fake secret code that never changes. This fake code allows the hacker to enter the clubhouse at any time, without being stopped by the others. The hacker can take anything he wants from the clubhouse, and nobody will know because he is using a fake secret code.

In a Silver Ticket attack, the hacker does not pretend to be the leader of the club. Instead, he creates a fake secret code that only works for a limited time. This fake code allows the hacker to enter the clubhouse, but only for a short period of time. After the time runs out, the hacker cannot enter the clubhouse again. The hacker can still take things from the clubhouse while he is inside, but he has to be quick.

Both Golden Ticket and Silver Ticket attacks can be very dangerous to a computer network because they allow the hacker to access sensitive information and cause harm without being detected.
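To make the ticket idea concrete, here is an added toy model (my example, not the author’s, and not real Kerberos): a “bouncer” signs tickets with a long-term secret, checks the signature and expiry, flags tickets whose lifetime exceeds policy (a never-expiring “golden” ticket), and shows why changing the secret kills tickets forged with the old one. The secret, the user name, the timestamp and the 10-hour policy are all constructed.

```python
import hmac
import hashlib
import json

# Constructed policy: the longest lifetime the bouncer will accept without complaint.
MAX_TICKET_LIFETIME = 10 * 3600  # 10 hours


class ToyKDC:
    """Toy bouncer: issues tickets signed with a long-term secret and checks them."""

    def __init__(self, secret: bytes):
        self.secret = secret  # constructed long-term secret (the clubhouse code)

    def _sign(self, body: dict, key: bytes) -> str:
        payload = json.dumps(body, sort_keys=True).encode()
        return hmac.new(key, payload, hashlib.sha256).hexdigest()

    def issue(self, user: str, now: int, lifetime: int = 3600) -> dict:
        body = {"user": user, "issued": now, "expires": now + lifetime}
        return {"body": body, "sig": self._sign(body, self.secret)}

    def check(self, ticket: dict, now: int) -> str:
        body = ticket["body"]
        if not hmac.compare_digest(self._sign(body, self.secret), ticket["sig"]):
            return "rejected: bad signature"  # signed with a different (e.g. old) secret
        if now > body["expires"]:
            return "rejected: expired"  # the code for this ticket has run out
        if body["expires"] - body["issued"] > MAX_TICKET_LIFETIME:
            return "suspicious: lifetime exceeds policy"  # a "never changes" code
        return "ok"

    def rotate_secret(self, new_secret: bytes) -> None:
        self.secret = new_secret  # the club changes its code


def demo() -> dict:
    now = 1_700_000_000  # constructed timestamp
    kdc = ToyKDC(b"constructed-long-term-secret")
    normal = kdc.issue("alice", now)
    # Whoever holds the secret can mint a ticket with a ten-year lifetime: a "golden" ticket.
    golden = kdc.issue("alice", now, lifetime=10 * 365 * 24 * 3600)
    results = {
        "normal": kdc.check(normal, now + 60),
        "normal_later": kdc.check(normal, now + 2 * 3600),
        "golden": kdc.check(golden, now + 2 * 3600),
    }
    kdc.rotate_secret(b"constructed-new-secret")  # defender changes the code
    results["golden_after_rotation"] = kdc.check(golden, now + 2 * 3600)
    return results
```

The lifetime check is the detection hook: a real ticket that far outlives policy is worth a look, and rotating the long-term secret is what finally invalidates anything minted with the stolen one.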

We will deep dive into “Defending Active Directory” in the next blog.

kashish topiwala

Hello, I’m Kashish Topiwala. I like to Demystify complex topics :)