Tag: bloodhound
-
Support | Hack The Box
Initial nmap results and looks like we’ve got a domain controller. We get nothing we don’t already know from the DNS server and it’s not vulnerable to anything I know of so on to enumerate SMB. At this stage the only folder we can get into as anonymous user is support-tools which contains a handy […]
-
Ra 2 | TryHackMe
WindCorp recently had a security-breach. Since then they have hardened their infrastructure, learning from their mistakes. But maybe not enough? You have managed to enter their local network… My first hard box. Let’s go. Our first nmap scan gives a lot back, so it’s going to be lots of vectors for enumeration. Starting with DNS […]
-
VulnNet Active | TryHackMe
So, we’re probably looking at a domain controller judging by the DNS service running. Running crackmapexec gives us the domain name vulnnet.local which we’ll use to further enumerate the box. SMB allows anonymous login but has no shares to display, but Redis allows unauthenticated logins. We can get a username from this but I spend […]
-
Razorback | TryHackMe
This room was really fun, I had to do a lot of reading and digging so got to learn a lot about Active Directory during the process. Initial nmap results. Lots to go at. We can see the DNS name so first thing to do is add it to /etc/hosts. We’ll start with the open […]