Explore >> Select a destination
|
You are here 
|
blog.ikuamike.io | ||
| | | | |
0xdf.gitlab.io
|
|
| | | | | Active was an example of an easy box that still provided a lot of opportunity to learn. The box was centered around common vulnerabilities associated with Active Directory. There's a good chance to practice SMB enumeration. It also gives the opportunity to use Kerberoasting against a Windows Domain, which, if you're not a pentester, you may not have had the chance to do before. | |
| | | | |
www.securitynik.com
|
|
| | | | | In this post, I'm learning about Kerberos and one of its attacks. Specifically, I'm learning about Authentication Service Response (AS-REP) ... | |
| | | | |
0xdf.gitlab.io
|
|
| | | | | One of the neat things about HTB is that it exposes Windows concepts unlike any CTF I'd come across before it. Forest is a great example of that. It is a domain controller that allows me to enumerate users over RPC, attack Kerberos with AS-REP Roasting, and use Win-RM to get a shell. Then I can take advantage of the permissions and accesses of that user to get DCSycn capabilities, allowing me to dump hashes for the administrator user and get a shell as the admin. In Beyond Root, I'll look at what DCSync looks like on the wire, and look at the automated task cleaning up permissions. | |
| | | | |
taeluralexis.com
|
|
| | | In this writeup, we'll exploit a Linux machine on Hack The Box with CVE-2023-46604, leveraging Java deserialization for remote code execution. | ||
