Hi everyone! This machine is an Active Directory machine where we have to enumerate an SMB shared folder, use dnSpy to reverse engineer a .NET binary for LDAP credentials, run an LDAP query to find another user’s credentials, gain initial access via WinRM, and escalate privileges using Kerberos Resource-based Constrained Delegation. Let’s get started! Nmap enumeration $ IP=10.10.11.174 $ […]
Hi everyone! This is a Windows machine that only tests Active Directory-related content during privilege escalation. For initial access, we have to enumerate SMB for a password-protected ZIP file which stores a password-protected PFX file. Cracking using zip2john and crackpkcs12 was done before generating a public and private key using the PFX […]
Dear readers, today’s post is Phonebook, a web challenge on HackTheBox. It was created on 31st October 2020. This challenge is on LDAP injection and brute-forcing an LDAP login, so read on if you are interested! Let’s get started! Files provided There are no files provided for this challenge. Outlook of the website URL of the […]