Acute is a 40-point Active Directory Windows machine on HackTheBox. I'm going to use it to show some techniques which can be useful in other scenarios and keep it short on the things that are not that important.
We are solving Anubis, a 50-point windows machine on HackTheBox which involves an ASP template injection, windows containers, and stealing hashes with Responder. Later we'll escalate privileges using noPAC.
Baby is an easy machine on Vulnlab that involves enumerating LDAP & spraying credentials. For SYSTEM we exploit SeBackup & SeRestore Privileges.
I always had difficulties understanding what Silver Tickets are and how they are used. Maybe this comes from the fact that they are rarely seen in labs. They can be really powerful though, so I'll be trying my best to describe my understanding of them in this post.
This is a short walkthrough on Lustrous, a chain consisting of 2 machines on vulnlab.
We are solving Vault from PG Practice. This machine involves planting malicious files on an SMB share to steal hashes. For root, we will abuse GPO Permissions and explore 2 unintended privilege escalations.
We are solving intelligence, a nice windows machine on HackTheBox, created by Micah. For user, we will enumerate pdfs on a webserver & will use both the content & metadata to find valid credentials of a domain user. For root, we update a DNS entry, steal a hash & dump...
We are solving Pivotapi, a 50-point Windows machine on HackTheBox. This one involves some Reverse Engineering, MSSQL, and Active Directory Attacks like Kerberoasting, ASREPRoasting, and various misconfigurations. In the end, we will explore some unintended ways to root this box.
Monteverde is a 30-point Windows machine on HackTheBox that involves some LDAP and SMB enumeration to get the user flag. For root we exploit Azure AD Connect’s way of storing the password for the account that synchronizes on premise AD accounts with Azure AD.
P.O.O. Endgame is one of HackTheBox’s endgame labs and was just retired. It involves exploiting SQL Server Links & Active Directory ACLs.