Month: May 2022

  • Hack the Box (HTB) – Monteverde

    Level: Medium. User Flag. Nmap scan: we find that ports 445/139 for Samba and 389 for LDAP are open. Enumerate Samba (unauthenticated): save the user names in a file, users-rpcclient.txt. Bruteforce user passwords on LDAP: try username = password. We find credentials: SABatchJobs / SABatchJobs. Enumerate Samba (authenticated): inspect content from all shares. Download content…

  • Zerologon (CVE-2020-1472)

    Zerologon is an elevation of privilege vulnerability that exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’. Zerologon (CVE-2020-1472) is a critical vulnerability that affects Windows servers. Under certain circumstances, this vulnerability can allow an attacker to bypass authentication…

  • Overpass the Hash/Pass the Key

    Whereas that hash is used to authenticate in Pass the Hash attacks, in OverPass the Hash attacks, it is used to submit a signed request to the Kerberos Domain Controller (KDC) for a full Kerberos TGT (Ticket Granting Ticket) or service ticket on behalf of that compromised user. That ticket can provide access to a…