Tag: Kerberos
-
Mantis – HackTheBox
Mantis was a hard machine that focused on good enumeration and discovering an older vulnerability in the way kerberos authenticates regular users. We’ll first discover a mssql credentials, access the mssql server, and extract a domain user’s credentials. From there we will find the version of Windows Server is vulnerable to MS14-068 which allows for…
-
Forest – HackTheBox
Forest is a much-hyped retired “Easy” Windows machine that deals with a wide variety of common AD attack vectors, both for initial entry and privilege escalation. Initially, I was able to leverage RPC to dump usernames from the domain, then ASRep-roast a service account. This was used to gain entry into the system, where I…
A Cyber Journey 