HackTheBox and TryHackMe Walkthroughs
- Steps for enumeration 1. Using Nmap to scan for any hidden/open ports within the target machine 2. I discovered there was an admin panel on the machine that you can click on the bottom half of the screen 4....
Continue reading
Walkthrough Nmap Website hosting PDFs Usernames in Exifdata BurpSuite and Console Magic Finding a default password Password Spray and SMB Access as Tiffany.Molina Downdetector.ps1 Adding a DNS record Getting and Cracking hash of Ted.Graves Bloodhound Reading gMSA Passwords using gMSADumper...
Continue reading
Walkthrough Nmap Website shows a username and hints for a password Login to SMB-Share, NTLM Authentication seems disabled Download PDF, NTLM Authentication is indeed disabled Kerberoasting Crack Hash of a service Account Create Silver Ticket to access the MSSQL Server...
Continue reading
Walkthrough Nmap Enumerate Users through RPC NullSession AS-REP Roast and Hash cracking Login with Evil-Winrm Domain enumeration with bloodhound ACL Abuse to grant DCSync permissions Getting Foothold Nmap First of all I performed a nmap port scan to reveal all...
Continue reading
Walkthrough Nmap Anonymous SMB Login RID-Bruteforce → Get Usernames Username = Password Spray → Get Two valid user creds MSSQL Login as operator XP_DirTree to list Webroot Downlaod Backup File with configuration file and credentials for Raven Login with winrm...
Continue reading