Corporate Network Pentest Challenge

This advanced challenge simulates a corporate network penetration test. You will start with minimal information and work through network segmentation to achieve full domain compromise.

Challenge Scenario

Client: Fictional Corporation
Access: External attacker perspective
Objective: Compromise the domain controller

The hidden network topology includes a firewall connected to DMZ with web and mail servers, internal network with clients and servers, and management network with domain controller.

Challenge Phases

Phase 1: External Reconnaissance

Identify live hosts, port and service enumeration, version detection, vulnerability scanning.

Phase 2: Initial Access

Potential entry points include vulnerable web application, exposed service exploits, credential attacks, misconfigured services.

Phase 3: Internal Enumeration

After initial foothold: network discovery, Active Directory enumeration, credential harvesting, privilege escalation.

Phase 4: Lateral Movement

Move through network using pass-the-hash, token manipulation, service exploitation, trust abuse.

Phase 5: Domain Compromise

Final objectives: domain admin access, domain controller access, full AD dump, persistence mechanisms.

Available Tools

Nmap for scanning, Metasploit for exploitation, Impacket for AD attacks, CrackMapExec for enumeration, Mimikatz for credential extraction.

Scoring

External foothold 200 XP, Local admin access 300 XP, Lateral movement 400 XP, Domain admin 500 XP, DC compromise 600 XP.

Time Limit

90 minutes. Work efficiently and collect flags at each milestone.