/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

infosec.rm-it.de
| | www.justinvollmer.com
11.1 parsecs away

Travel
| | Justin Vollmer's personal website
| | shellsharks.com
5.2 parsecs away

Travel
| | A walkthrough of pwning the HackTheBox machine
| | blog.ikuamike.io
1.5 parsecs away

Travel
| | Summary As the name suggests this box had a instance of gitlab where the initial foothold involves getting credentials from obfuscated javascript and once logged into the gitlab instance we abuse webhooks to add our own code and execute it to get a reverse shell. Read on to see how I able to root the box. Enumeration As usual I start with a quick nmap scan to find open ports and then run a second scan for service and version detection.
| | 0xdf.gitlab.io
15.2 parsecs away

Travel
| I loved Sizzle. It was just a really tough box that reinforced Windows concepts that I hear about from pentesters in the real world. I'll start with some SMB access, use a .scf file to capture a users NetNTLM hash, and crack it to get creds. From there I can create a certificate for the user and then authenticate over WinRM. I'll Kerberoast to get a second user, who is able to run the DCSync attack, leading to an admin shell. I'll have two beyond root sections, the first to show two unintended paths, and the second to exploit NTLM authentication over HTTP, and how Burp breaks it.