|
You are here |
blog.ikuamike.io | ||
| | | | |
taeluralexis.com
|
|
| | | | | Exploit a machine through SMB and elevate privileges by performing a kerberoasting attack on a domain admin. | |
| | | | |
www.justus.pw
|
|
| | | | | [AI summary] The user successfully gained access to a system by exploiting a Heartbleed vulnerability, decrypted an RSA key using a password obtained from memory, and then used that key to log in as the 'hype' user. After enumerating the system, they accessed a Tmux session to gain root access and retrieved the root flag. | |
| | | | |
0xdf.gitlab.io
|
|
| | | | | One of the neat things about HTB is that it exposes Windows concepts unlike any CTF I'd come across before it. Forest is a great example of that. It is a domain controller that allows me to enumerate users over RPC, attack Kerberos with AS-REP Roasting, and use Win-RM to get a shell. Then I can take advantage of the permissions and accesses of that user to get DCSycn capabilities, allowing me to dump hashes for the administrator user and get a shell as the admin. In Beyond Root, I'll look at what DCSync looks like on the wire, and look at the automated task cleaning up permissions. | |
| | | | |
leonjza.github.io
|
|
| | | foreword Tr0ll2 is a successor in a boot2root series by @Maleus21 hosted over at VulnHub. Having been able to pwn Tr0ll1, I gave this one a shot too. Here is my experience taming the troll, again. | ||