Hack The Box - Forest Writeup
A writeup for HTB Forest, covering Active Directory enumeration, anonymous LDAP and RPC enumeration, AS-REP roasting, BloodHound analysis, ACL abuse, DCSync, and domain compromise.
A writeup for HTB Forest, covering Active Directory enumeration, anonymous LDAP and RPC enumeration, AS-REP roasting, BloodHound analysis, ACL abuse, DCSync, and domain compromise.
A writeup for the Resourced lab, covering SMB enumeration, credential discovery, NTDS dumping, WinRM access, BloodHound analysis, and Resource-Based Constrained Delegation.
A writeup for the Jacko lab, covering H2 Database exploitation through JNI, reverse shell access, Windows enumeration, and privilege escalation using SeImpersonatePrivilege.
A writeup for the Internal lab, covering SMB enumeration, MS09-050 vulnerability research, exploit testing, and exploitation using Metasploit.
OffSec Proving Grounds Practice - Hutch Writeup This is my writeup for Hutch, a Windows Active Directory machine from OffSec Proving Grounds Practice. Compared with my previous AuthBy writeup, this lab was more focused on Active Directory enumeration and privilege escalation. The most important lesson was that a domain compromise does not always start with an exploit. In this case, the attack path came from careful LDAP enumeration, credential discovery, BloodHound analysis, and abuse of LAPS read permissions. ...
OffSec Proving Grounds Practice - AuthBy Writeup This is my writeup for AuthBy, a Windows machine from OffSec Proving Grounds Practice. I found this machine quite useful because the attack path was not just about scanning and running a public exploit. The chain started from FTP enumeration, moved into credential discovery, then web access, initial foothold through a PHP reverse shell, and finally Windows privilege escalation. The overall attack path was: ...