We are solving Hutch from PG-Practice. For user, we will get credentials from LDAP & use them to upload a web shell via Webdav. For root, we will read a LAPS password for the intended way & then explore other methods.
We are solving Pivotapi, a 50-point Windows machine on HackTheBox. This one involves some Reverse Engineering, MSSQL, and Active Directory Attacks like Kerberoasting, ASREPRoasting, and various misconfigurations. In the end, we will explore some unintended ways to root this box.
We are solving Heist from PG Practice. Heist is a really cool Windows machine that involves stealing a hash, reading a gMSA password & exploiting the SeRestorePrivilege.
Why we can shutdown a machine when our user has SeShutdownPrivilege listed as disabled?
We are solving UT99, an intermediate windows box on PG Practice. On this box, we are going to exploit an SEH based buffer overflow. And to make it a bit more fun we'll do that one manually instead of just firing some exploit from exploitdb. Then for root, we will...
AuthBy is a medium difficulty Windows machine on PG Practice. It involves getting FTP access to the web root of a web application and uploading a PHP web shell. For root, we'll exploit the SeImpersonate Privilege with Juicy Potato.
We are solving Breadcrumbs, a 40-point Windows machine on HackTheBox. For user, we exploit an LFI to read PHP source code, forge a session cookie & upload a PHP shell. Root involves dumping sticky notes content & exploiting a SQL injection.
We are going to solve Atom, a 30-point machine on HackTheBox where we'll analyze an electron app and exploit its updater. For root we will enumerate the running Redis instance, find an encrypted kanban password and then decrypt it.
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
We will solve Sharp, a 40-point machine on HackTheBox that is all about C-Sharp & .Net. For user, we exploit a deserialization vulnerability in a .NET Remoting Service and for root WCF.