Posts

Showing posts from March, 2020

Hack The Box - Sniper Server

Sniper is a retired (28.3.2020) Microsoft Windows server on the HackTheBox penetration testing lab. It was marked with Medium difficulty and can be cracked by using a vulnerability in Windows help files... As usual, I am going to try to write the entire walkthrough in as much detail as possible, so it is clear to everyone what is being done and why. We will use/learn: nmap, burpsuite, samba, enum4linux, reverse shell, netcat, powershell & credentials creation from cleartext in PS, Windows Help files (*.chm) etc. Getting User: I am going to add the server's IP (10.10.10.151) to the /etc/hosts file, so I can keep using the hostname (sniper.htb) instead of the IP address. Let's start with a basic enumeration of the ports & services running on the server with nmap (Nmap ("Network Mapper") is a free and open-source utility for network discovery and security auditing. Source). For those not familiar with the command...

Hack The Box - Forest Server

Forest is a retired (21.3.2020) Microsoft Windows server on the HackTheBox penetration testing lab. It was marked with Easy difficulty and would be ideal for anyone interested in Active Directory hacking. As usual, I am going to try to write the entire walkthrough in as much detail as possible, so it is clear to everyone what is being done and why. We will use/learn: nmap, samba, smbclient, enum4linux, various impacket tools, john the ripper & cracking hashed passwords, evil-winrm tool, bloodhound tool, powershell, net group & powershell. Getting User: I am going to add the server's IP (10.10.10.161) to the /etc/hosts file, so I can keep using the hostname (forest.htb) instead of the IP address. Let's start with a basic enumeration of the ports & services running on the server with nmap (Nmap ("Network Mapper") is a free and open-source utility for network discovery and security auditing. Link). For those not familia...

Hack The Box - Writeup server

Writeup is a retired Linux server on the HackTheBox penetration testing lab. It was marked with Easy difficulty, which again makes it an ideal candidate for beginners to start with. I am writing this blog as there is an almost identical vulnerability in one recently released server. As usual, I am going to try to write the entire walkthrough in as much detail as possible, so it is clear to everyone what is being done and why. We will use/learn: nmap, www.exploit-db, pspy, reverse shell. Getting User: Let's start with a basic enumeration of the ports & services running on the server with nmap (Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Source). For those not familiar with the command, I suggest checking this cheat-sheet first: nmap-cheat-sheet. Before we start, let's add the IP address of the server (10.10.10.138) into the /etc/hosts file, ...