Kerberos

Hack The Box - Blackfield

Blackfield is a good Windows Active Directory box. First we need to exploit AS-REP roasting, then we can reset another user’s password over RPC. With access to another share, we will find a bunch of process …

Hack The Box - Sauna

Sauna is an easy AD machine. Initial access is gained by gathering usernames from the web and doing AS-REP Roasting to get a user’s hash. winPEAS reveals svc_loanmgr’s password in plain …

Hack The Box - Active

We are going to pwn Active from Hack The Box. Link: https://www.hackthebox.eu/home/machines/profile/148 Let’s begin with our initial Nmap scan. Nmap scan results:

PORT     STATE SERVICE
53/tcp   open  domain
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
464/tcp  open  kpasswd5
593/tcp  open  http-rpc-epmap
636/tcp  open  ldapssl
3268/tcp …

Hack The Box - Forest

We are going to pwn Forest by egre55 & mrb3n from Hack The Box. Link: https://www.hackthebox.eu/home/machines/profile/212 Let’s begin with our initial Nmap scan. Nmap scan results:

PORT   STATE  SERVICE      VERSION
53/tcp open   domain?
| fingerprint-strings:
|   DNSVersionBindReqTCP:
|     version
|_    bind
63/tcp closed via-ftp
88/tcp open   kerberos-sec Microsoft Windows Kerberos (server time: …