Category: AD Hacking
-
Breach
Breach, an Active Directory machine created by xct in Vulnlab, employs NTLM hash capture for initial access and utilizes a Silver Ticket attack to gain entry into the network. Enumeration: Start an nmap scan to look for open ports and add the necessary flags for in-depth enumeration. From the scan we can take note…
-
Baby2
Baby2, crafted by xct and r0BIT in Vulnlab, is an Active Directory machine designed to investigate misconfigurations in logon scripts and exploit GPO vulnerabilities. Enumeration: Start an nmap scan to look for open ports and add the necessary flags for in-depth enumeration. From the scan we can take note of the domain name…
-
Baby
Baby, an Active Directory machine crafted by xct in Vulnlab, facilitates LDAP enumeration and exploits user privileges to retrieve the machine database for hash dumping and exploitation. Enumeration: Start an nmap scan to look for open ports and add the necessary flags for in-depth enumeration. From the scan we can take note of the…
-
PSEXEC
In the ever-evolving landscape of cybersecurity, hackers are constantly seeking new tools and techniques to exploit vulnerabilities and gain unauthorized access to systems. One such tool that has been both a blessing and a curse for network administrators is psexec. What is psexec? psexec, short for “Process Execute,” is a legitimate command-line utility developed…
-
MITM 6
MITM6 is a tool for performing Man-in-the-Middle attacks in IPv6 networks. It intercepts and potentially manipulates traffic between devices on the network by positioning itself as an intermediary, making it useful for ethical hacking and network security testing. MITM6 comes pre-installed in Kali, but be sure to launch the ntlmrelayx server before running it. This…
-
SMB Relay Attack
One aspect of security is ensuring that your network doesn’t fall victim to attacks like SMB relay attacks. SMB (Server Message Block) is a network protocol that allows shared file and printer access between devices on a network. To enhance the security of SMB, you can enable SMB signing, which ensures the integrity and authenticity…
-
LLMNR Poisoning
LLMNR poisoning, or Link-Local Multicast Name Resolution poisoning, is a cybersecurity attack that exploits a protocol used in Windows networks by intercepting and manipulating network traffic responsible for resolving domain names to IP addresses. It tricks your computer into sending its requests to the attacker instead of the intended server when you try to access…
-
HTB : Timelapse
Network Enumeration: To begin our exploration of the network, let’s initiate an nmap scan in order to identify all open ports. To gather more information about the network, we can use a detailed nmap scan. Add the domain name found from the nmap scan to /etc/hosts. SMB Enumeration: SMB null sessions are a type of…
-
HTB : Active
Network Enumeration: To begin our exploration of the network, let’s initiate an nmap scan in order to identify all open ports. To gather more information about the network, we can use a detailed nmap scan. Add the domain name found from the nmap scan to /etc/hosts. SMB Enumeration: SMB null sessions are a type of…
-
VulnNet: Roasted
VulnNet Entertainment quickly deployed another management instance on their very broad network…