Category: Active Directory
-
Support | Hack The Box
Initial nmap results and looks like we’ve got a domain controller. We get nothing we don’t already know from the DNS server and it’s not vulnerable to anything I know of so on to enumerate SMB. At this stage the only folder we can get into as anonymous user is support-tools which contains a handy […]
-
Ra 2 | TryHackMe
WindCorp recently had a security-breach. Since then they have hardened their infrastructure, learning from their mistakes. But maybe not enough? You have managed to enter their local network… My first hard box. Let’s go. Our first nmap scan gives a lot back, so it’s going to be lots of vectors for enumeration. Starting with DNS […]
-
VulnNet Active | TryHackMe
So, we’re probably looking at a domain controller judging by the DNS service running. Running crackmapexec gives us the domain name vulnnet.local which we’ll use to further enumerate the box. SMB allows anonymous login but has no shares to display, but Redis allows unauthenticated logins. We can get a username from this but I spend […]
-
Razorback | TryHackMe
This room was really fun, I had to do a lot of reading and digging so got to learn a lot about Active Directory during the process. Initial nmap results. Lots to go at. We can see the DNS name so first thing to do is add it to /etc/hosts. We’ll start with the open […]
-
VulnNet: Roasted | TryHackMe
VulnNet Entertainment just deployed a new instance on their network with the newly-hired system administrators. Being a security-aware company, they as always hired you to perform a penetration test, and see how system administrators are performing. This is a much simpler machine, do not overthink. You can do it by following common methodologies. Initial nmap […]