Command Injection & Path Hijacking – Previse @ HackTheBox
We are solving Previse, an easy linux machine on HackTheBox that involves a Command Injection & Path Hijacking.
Protected: Lab – Lustrous Walkthrough
There is no excerpt because this is a protected post.
Lab – Exploiting Log4Shell (CVE-2021-44228)
On December 10th 2021 the Log4Shell vulnerability, a "0-day" exploit in log4j2 appeared on Twitter. In this post, we will explore how to exploit it with LDAP in a lab environment.
Stealing Hashes with Responder, GPO Permissions & Unintended Ways – Vault @ PG Practice
We are solving Vault from PG Practice. This machine involves planting malicious files on an SMB share to steal hashes. For root, we will abuse GPO Permissions and explore 2 unintended privilege escalations.
Password Spraying, gMSA, ADIDNS & Constrained Delegation – Intelligence @ HackTheBox
We are solving intelligence, a nice windows machine on HackTheBox, created by Micah. For user, we will enumerate pdfs on a webserver & will use both the content & metadata to find valid credentials of a domain user. For root, we update a DNS entry, steal a hash &...
LDAP, WebDAV, LAPS & Unintended Solutions – Hutch @ PG Practice
We are solving Hutch from PG-Practice. For user, we will get credentials from LDAP & use them to upload a web shell via Webdav. For root, we will read a LAPS password for the intended way & then explore other methods.