Hi everyone! This machine is an Active Directory machine where we have to enumerate SMB shared folder, use dnSpy to reverse engineer a .NET binary for LDAP credentials, LDAP query to find another user’s credentials, initial access via winrm, and privilege escalate using Kerberos Resource-based Constrained Delegation. Let’s get started! Nmap enumeration $ IP=10.10.11.174 $ […]
Hi everyone! This is a Windows machine that only test Active Directory related content during privilege escalation. For initial access, we have to enumerate SMB for a password protected ZIP file which stores a password protected PFX file. Cracking using zip2john and crackpkcs12 was done before generating a public and private key using the PFX […]
There is no excerpt because this is a protected post.
There is no excerpt because this is a protected post.
Hi everyone! Today’s post is on a TryHackMe challenge on Attacktive Directory that will introduce to u Kerberos user enumeration using Kerbrute on Domain Controller (DC), AS-REP Roasting using GetNPUsers on DC, Hashcat to crack Kerberos hashes, dumping password hashes from DC, and using Evil-WinRM to access the DC. Let’s get started! 1. Deploy the […]
Hi everyone! Today’s post is on the basics of lateral movement in the Active Directory (AD) network. In this article, we will be focusing on using LOLBAS and reverse shells to compromise other computers in the internal network. Let’s get started! Network Below shows the network we will be using for our example. Assumption We […]
Lamecarrot 