Tag: Powershell

• Timelapse – HackTheBox

  Timelapse was a relatively easy ‘Easy’ machine that required exploiting misconfigured SMB that led to a shell as a normal user where a service account password was discovered in powershell history. That account was configured to be allowed to read the LAPS password, which let us get administrative access on the machine. Scanning From the…

  Captain Nemo

  August 20, 2022

  HackTheBox

  Active Directory, evil-winrm, LAPS, PFX, Powershell, SMB

• Active Directory Takeover Pt I – Enumeration to Initial Shell

  This is the first in a short series about domain takeover on a standalone exposed domain controller. In general, these steps will not be an exact representation of what one will encounter in a full environment and so it should be noted throughout that there would be further enumeration and lateral movement required on an…

  Captain Nemo

  April 21, 2022

  Uncategorized

  aspx, LDAP, Powershell, WebDAV, webshell

• Driver – HackTheBox

  Started by running my standard nmap scan: So there’s an SMB server running and a web server. I couldn’t access the SMB server so I checked out the site and ran a gobuster scan in the meantime. I am presented with a login screen, so I go back to look at my nmap scan and…

  Captain Nemo

  October 22, 2021

  HackTheBox

  HackTheBox, hashcat, Powershell, PrintNightmare, Privilege Escalation, responder, winrm