Domain Admin

Initial Reconnaissance Port Scanning 1 nmap -Pn -p- -sC -sV $TARGET --open -oA nmap/scan --min-rate 3000 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Starting Nmap 7.93 ( https://nmap.org ) at 2026-02-05 10:06 EST Nmap scan report for 10.1.98.36 Host is up (0.026s latency). Not shown: 65525 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http Microsoft IIS httpd 10.0 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds? 636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP 3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP 3389/tcp open ms-wbt-server Microsoft Terminal Services Service Info: Host: DC-404; OS: Windows Key Services Identified: ...

Objective / Scope Lumon Industries will soon be integrating a high-value employee into the organization. In accordance with internal security protocols, a comprehensive penetration test and internal access verification must be conducted prior to full onboarding. For this assessment, valid credentials were provided for a standard domain user. The goal was to understand what level of access this account truly had, identify any escalation paths, and determine whether internal controls would prevent an attacker from moving laterally or escalating privileges. ...