Breach - Writeup (Vulnlab & HTB)
Anonymous SMB and NTLM theft enable Kerberoasting; forged silver tickets and MSSQL/token impersonation achieve SYSTEM.

Articles tagged with #vulnlab
INFO: Ports and Services
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
32...

It starts with a Jenkins backup on an rsync server. A password is decrypted to access Gitea, then a Jenkins pipeline is modified to gain exec [...]

Lustrous2 is a hardened AD environment on Vulnlab that involves dealing with LDAP signing, channel binding, and disabled NTLM authentication.

Explore the steps for exploiting Apache Tomcat, abusing JMX on port 2222, and achieving root access in Vulnlab's system.

Box Summary: The box had an LFI in a web dashboard that allowed log poisoning, leading to a shell as www-data. From there, I found sadm was a trusted user via rlogin, so I created a local user with the same name and logged in without a password. Insid...
