Explore >> Select a destination
|
You are here 
|
shellsharks.com | ||
| | | | |
0xdf.gitlab.io
|
|
| | | | | Active was an example of an easy box that still provided a lot of opportunity to learn. The box was centered around common vulnerabilities associated with Active Directory. There's a good chance to practice SMB enumeration. It also gives the opportunity to use Kerberoasting against a Windows Domain, which, if you're not a pentester, you may not have had the chance to do before. | |
| | | | |
axelp.io
|
|
| | | | | ||
| | | | |
blog.ikuamike.io
|
|
| | | | | Summary As the name suggests this box had a instance of gitlab where the initial foothold involves getting credentials from obfuscated javascript and once logged into the gitlab instance we abuse webhooks to add our own code and execute it to get a reverse shell. Read on to see how I able to root the box. Enumeration As usual I start with a quick nmap scan to find open ports and then run a second scan for service and version detection. | |
| | | | |
www.starkangle.com
|
|
| | | |||
