
Breach - Writeup (Vulnlab & HTB)
Anonymous SMB and NTLM theft enable Kerberoasting; forged silver tickets and MSSQL/token impersonation achieve SYSTEM.


In the cybersecurity world, paranoia is part of daily life. We usually talk about flaws in terms of exploits, payloads, or bypasses. However, not all failures are due to bugs. Sometimes, it's the product design itself, which can be even more alarming...

INFO: Ports and Services 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 32...

It starts with a Jenkins backup on an rsync server. A password is decrypted to access Gitea, then a Jenkins pipeline is modified to gain exec [...]

Lustrous2 is a hardened AD Environment on Vulnlab that involves dealing with LDAP signing, channel binding and disabled NTLM authentication.

Explore the steps for exploiting Apache Tomcat, abusing JMX on port 2222, and achieving root access in Vulnlab's system

Box Summary The box had an LFI in a web dashboard that allowed log poisoning, leading to a shell as www-data. From there, I found sadm was a trusted user via rlogin, so I created a local user with the same name and logged in without a password. Insid...

NMAP & INFO Backdooring a ClickOnce deployment, which led to code execution. SCCM Client Push Coercion to capture NTLM hashes, privesc using ADCS by forging a certificate and abusing it with PassTheCert to grant DCSync rights. DC01.push.vl 53/t...
