Category: Uncategorized
-
Active Directory Takeover Pt I – Enumeration to Initial Shell
This is the first in a short series about domain takeover on a standalone exposed domain controller. In general, these steps will not be an exact representation of what one will encounter in a full environment and so it should be noted throughout that there would be further enumeration and lateral movement required on an…
-
Bounty – HackTheBox
Scanning: I started with my standard nmap scan. Only one port opened, which I verified by running a scan against all ports as well. Enumeration – HTTP Port 80: There’s just an image here of Merlin with nothing else. Scanning with gobuster found something interesting. Unfortunately, this directory wasn’t working. No vhosts on the box…
-
Bolt – HackTheBox
Bolt is a Medium level machine on HTB that was recently retired. Nmap scan. Enumeration: Port 80 – HTTP: There’s a pretty basic website with not many obvious paths, but I was able to download a copy of the docker file that is presumably being used to run the webserver, so saving that for now,…
-
Dynamic Futures: Intro to Modern Vulnerability Management
There are a few ways that VM programs can be set up. The older approach essentially involves a process of performing the following actions: determining scope; scanning assets; scoring assets by CVSS or other indicator; reviewing scan report and remediating based on scores. This method works, and it is certainly better than letting assets sit in…
-
Nineveh – HackTheBox
Nineveh is a medium-ranked box on HTB that happens to be on TJNull’s list of boxes to try for extra OSCP practice. Scanning. Enumerating HTTP Port 80: Gobuster revealed an info page. Cool. I had to run another gobuster scan with a more thorough list to uncover another hidden directory. Found this in the page…
-
RazorBlack – TryHackMe
This was a pretty neat little box for learning a little about AD exploits. Note that I had to reset it several times as the network kept timing out, especially when interacting over Evil-WinRM, which is why the IP changes so many times. I started out with my typical nmap scan: That’s a lot of…