byt3bl33d3r.github.io

blog.ropnop.com
I've shown all the different ways to own a Windows environment when you have a password - but having a hash is just as good! Don't bother cracking - PTH!

foxglovesecurity.com
By @breenmachine. Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012... and a new network attack. How it works: Hot Potato (aka: Potato) takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay (specifically HTTP->SMB relay) and NBNS spoofing. If this sounds vaguely familiar, it's because a...

bogs.io
An extensive walk-through of the popular methods of exploiting SMB using tools such as Metasploit, Responder, psexec

0xdf.gitlab.io
I loved Sizzle. It was just a really tough box that reinforced Windows concepts that I hear about from pentesters in the real world. I'll start with some SMB access, use a .scf file to capture a user's NetNTLM hash, and crack it to get creds. From there I can create a certificate for the user and then authenticate over WinRM. I'll Kerberoast to get a second user, who is able to run the DCSync attack, leading to an admin shell. I'll have two beyond root sections, the first to show two unintended paths, and the second to exploit NTLM authentication over HTTP, and how Burp breaks it.