AD

Really a good AD box, We need to do Phishing attack to get the initial shell and 1st user has WriteOwner Permission over another user. And 2nd User has some WriteDacl permission over a Group which has …

This box is really fun and some Active Directory stuffs which is really good. Getting User is doing SCF attack and create certificate for the user and to get 2nd user we need to do Kerberoast and the …

Cascade is a Windows Medium box, which involves lot of enumeration and finding VNC credentials which can be decrypted and with that we need to find SQlite database and also a small Reverse …

Sauna is an easy AD machine, getting initial is by gathering usernames from the web and doing AS-REP Roasting, we can get a user’s hash. And winPEAS reveals svc_loanmgr’s password in plain …

We are going to pwn Forest by egre55 & mrb3n from Hack The Box. Link : https://www.hackthebox.eu/home/machines/profile/212 Let’s Begin with our Initial Nmap Scan. Nmap Scan Results: PORT STATE SERVICE VERSION 53/tcp open domain? | fingerprint-strings: | DNSVersionBindReqTCP: | version |_ bind 63/tcp closed via-ftp 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: …