Month: May 2022
-
Hack the Box (HTB) – Monteverde
Level: Medium. User Flag. Nmap scan: we find that ports 445/139 for Samba and 389 for LDAP are open. Enumerate Samba (unauthenticated): save the user names in a file, users-rpcclient.txt. Bruteforce user passwords on LDAP: try username = password. We find credentials: SABatchJobs / SABatchJobs. Enumerate Samba (authenticated): inspect content from all shares. Download content…
-
Zerologon (CVE-2020-1472)
Zerologon is an elevation of privilege vulnerability that exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC), also known as the ‘Netlogon Elevation of Privilege Vulnerability’. Zerologon (CVE-2020-1472) is a critical vulnerability that affects Windows servers. Under certain circumstances, this vulnerability can allow an attacker to bypass authentication…
-
Overpass the Hash/Pass the Key
Whereas that hash is used to authenticate in Pass the Hash attacks, in Overpass the Hash attacks it is used to submit a signed request to the Kerberos Domain Controller (KDC) for a full Kerberos TGT (Ticket Granting Ticket) or service ticket on behalf of the compromised user. That ticket can provide access to a…