Category: Windows

  • THM: Fusion Corp

    TryHackMe | Fusion Corp Fusion Corp said they got everything patched… did they? Enumeration Start an nmap scan to look for open ports and add the necessary flags for in-depth enumeration. From the scan we can take note of the domain name and the Domain Controller (Fusion-DC.fusion.corp) and start the process of null enumeration. Web Enumeration…

  • VulnLab: Sendai

    Network Enumeration Null Enumeration NULL enumeration allows us to gain access to both the shared folder “sendai” and user accounts. Inside the “users” folder, there are several potential usernames. There is also a text file instructing users to set a new password upon logging in. With LookUpSid, we can retrieve additional user accounts. Use Kerbrute…

  • THM: Enterprise

    You just landed in an internal network. You scan the network and there’s only the Domain Controller… Enumeration Let’s start with Rustscan to find the open ports. Then start an nmap scan to dig into those ports and add the necessary flags for in-depth enumeration. Directory/Files Enumeration on HTTP Nothing found on directory/file…

  • AS-REP Roasting in Active Directory

    AS-REP roasting is a technique used in Active Directory (AD) environments that attackers leverage to extract and crack user password hashes offline, specifically for accounts that do not require Kerberos pre-authentication. It targets weaknesses in the Kerberos authentication protocol, which is the backbone of AD authentication. How Kerberos Works Kerberos is a network authentication protocol that uses…

  • Breach

    Breach, an Active Directory machine created by xct in vulnlab, employs NTLM hash capture for initial access and utilizes a Silver Ticket attack to gain entry into the network. Enumeration Start an nmap scan to look for open ports and add the necessary flags for in-depth enumeration. From the scan we can take note…

  • Baby2

    Baby2, crafted by xct and r0BIT in Vulnlab, is an Active Directory machine designed to investigate misconfigurations in logon scripts and exploit GPO vulnerabilities. Enumeration Start an nmap scan to look for open ports and add the necessary flags for in-depth enumeration. From the scan we can take note of the domain name…

  • Baby

    Baby, an Active Directory machine crafted by xct in vulnlab, facilitates LDAP enumeration and exploits user privileges to retrieve the machine database for hash dumping and exploitation. Enumeration Start an nmap scan to look for open ports and add the necessary flags for in-depth enumeration. From the scan we can take note of the…

  • AlwaysInstallElevated

    AlwaysInstallElevated, when set to true, makes Windows Installer run packages with elevated privileges during installation, enabling them to make system-wide changes. Although convenient, enabling AlwaysInstallElevated introduces security risks by permitting potentially malicious installer packages to make critical modifications to the system. If we gain a shell on a Windows machine, we can elevate our privileges if AlwaysInstallElevated is enabled. We…

  • PSEXEC

    In the ever-evolving landscape of cybersecurity, attackers are constantly seeking new tools and techniques to exploit vulnerabilities and gain unauthorized access to systems. One such tool that has been both a blessing and a curse for network administrators is psexec. What is psexec? psexec, short for “Process Execute,” is a legitimate command-line utility developed…

  • MITM 6

    MITM6 is a tool for performing Man-in-the-Middle attacks in IPv6 networks. It intercepts and potentially manipulates traffic between devices on the network by positioning itself as an intermediary, making it useful for ethical hacking and network security testing. MITM6 comes pre-installed in Kali, but be sure to launch the ntlmrelayx server before running it. This…

  • SMB Relay Attack

    One aspect of security is ensuring that your network doesn’t fall victim to attacks like SMB relay attacks. SMB (Server Message Block) is a network protocol that allows shared file and printer access between devices on a network. To enhance the security of SMB, you can enable SMB signing, which ensures the integrity and authenticity…

  • LLMNR Poisoning

    LLMNR poisoning, or Link-Local Multicast Name Resolution poisoning, is a cybersecurity attack that exploits a protocol used in Windows networks by intercepting and manipulating network traffic responsible for resolving domain names to IP addresses. It tricks your computer into sending its requests to the attacker instead of the intended server when you try to access…

  • THM : Alfred

    Jenkins and Token Impersonation exploit

  • HTB : Forest

    RPC, GenericALL, WriteDacl exploits

  • HTB : Heist

    Cisco and Firefox memory dump exploit

  • HTB : Blackfield

    ForceChangePassword and SeBackupPrivilege exploit

  • HTB : Bastion

    Mount and exploit mRemoteNG

  • HTB : Bastard

    Drupal 7 and Kernel exploit