TryHackMe | VulnNet: Endgame Hack your way into this simulated vulnerable infrastructure. No puzzles. Enumeration is the key.tryhackme.com This is a small hacking adventure into Vulnnet. I may have gotten more than I bargained for when I choose to hack this box because there were parts of this box I got stuck on and had to take a small hint to carry on. …

This is a recently retired box that is running Active Directory services and is an excellent study box for the OSCP. So let’s get started. Initial Enumeration: After looking over the initial enumeration this appears to be an active directory box. …

It’s my second week back to my home office from being out at Blackhat in Las Vegas all week and I was approached by a handful of people on how does one break into cloud penetration testing? The short answer is it is not as straight forward as it should…

First off huge thanks to IPPSEC for posting this video and doing the heavy work when I started looking into making a private OMI Exploitation lab without hosting it on azure. At first I ran into SSL issues with the OMI install followed by namespace issues with the SOAP…

With the latest CVE around the print spooler service this is a good time to update my guidance on securing domain controller environments with security hardening policies. Just for reference at the time of this posting there is an RCE going around with the print spooler service which can be…

Here is another writeup on Chatterbox. This is a retired machine in HTB. Reconnaissance An NMAP scan reveals two ports open. 9255 and 9256 A quick google search yields the following exploit DB result: Offensive Security's Exploit Database Archive Achat 0.150 beta7 - Remote Buffer Overflow. CVE-2015-1578CVE-2015-1577CVE-118206CVE-118104 . remote exploit for Windows…www.exploit-db.com Next I do a searchsploit for achat software and I get two results for a remote…

This box is on the retired list in hack the box. Here is a walk through on how I got full system privileges in this active directory environment. Pre-Requisites installations needed in Kali: winapsearch.py — https://github.com/ropnop/windapsearch Impacket — https://github.com/SecureAuthCorp/impacket Evil-WinRM — https://github.com/Hackplayers/evil-winrm Bloodhound.py — https://github.com/fox-it/BloodHound.py

This is the first series of domain controllers I was able to compromise in hack the box. At the time of this writing the box has been retired allowing me to post how I did reconnaissance, enumeration, initial foothold, and privilege escalation. …

I’ve gotten into kerberoasting lately and thought this would be a good opportunity to talk about auditing your SPN’s and encryption types in your environment. …