Intercept is a chain of vulnerable machines on Vulnlab and involves stealing hashes with lnk files, a RBCD-Workstation takeover, exploiting GenericALL on OUs & finally attacking ADCS using ESC7.
This is the third video of the Shinra series. We will get a shell on Ashleighs machine & escalate privileges.
This is the second video of the Shinra series. Before setting foot onto any of the network's internal machines, we are going to spend a bit of time enumerating various things from our machine
Video & additional notes for StreamIO, a medium difficulty Windows machine on HackTheBox that involves manual MSSQL Injection, going from file inclusion to RCE and in this case getting the SeImpersonate privilege back to get SYSTEM via an EFS-based potato.
Video & additional notes for Resourced, an intermediate difficulty Windows machine on PG-Practice that involves password spraying and an RBCD attack.
Acute is a 40-point Active Directory Windows machine on HackTheBox. I'm going to use it to show some techniques which can be useful in other scenarios and keep it short on the things that are not that important.
We are solving Anubis, a 50-point windows machine on HackTheBox which involves an ASP template injection, windows containers, and stealing hashes with Responder. Later we'll escalate privileges using noPAC.
Baby is an easy machine on Vulnlab that involves enumerating LDAP & spraying credentials. For SYSTEM we exploit SeBackup & SeRestore Privileges.
I always had difficulties understanding what Silver Tickets are and how they are used. Maybe this comes from the fact that they are rarely seen in labs. They can be really powerful though, so I'll be trying my best to describe my understanding of them in this post.
This is a short walkthrough on Lustrous, a chain consisting of 2 machines on vulnlab.