HackTheBox and TryHackMe Walkthroughs
Walkthrough Nmap Website hosting PDFs Usernames in Exifdata BurpSuite and Console Magic Finding a default password Password Spray and SMB Access as Tiffany.Molina Downdetector.ps1 Adding a DNS record Getting and Cracking hash of Ted.Graves Bloodhound Reading gMSA Passwords using gMSADumper...
Continue reading
Walkthrough Nmap Website shows a username and hints for a password Login to SMB-Share, NTLM Authentication seems disabled Download PDF, NTLM Authentication is indeed disabled Kerberoasting Crack Hash of a service Account Create Silver Ticket to access the MSSQL Server...
Continue reading
Walkthrough Nmap Enumerate Users through RPC NullSession AS-REP Roast and Hash cracking Login with Evil-Winrm Domain enumeration with bloodhound ACL Abuse to grant DCSync permissions Getting Foothold Nmap First of all I performed a nmap port scan to reveal all...
Continue reading
Walkthrough Nmap Anonymous SMB Login RID-Bruteforce → Get Usernames Username = Password Spray → Get Two valid user creds MSSQL Login as operator XP_DirTree to list Webroot Downlaod Backup File with configuration file and credentials for Raven Login with winrm...
Continue reading
