Overview Shared is a great box that taught me much. You start out by enumerating a web app and then find an SQL injection in an unexpected place. You’ll use this SQL injection to extract a username and a password hash which can be cracked and used to SSH. Once on the box you’ll exploit […]
Overview Upon gaining a shell on a target you may find that you are in a restricted shell. Restricted shells are introduced as another line of defense and greatly limited what you can do within a shell. In this post I will show a few different techniques to escape this restricted shell and gain full […]
Overview DCSync attacks allow an attacker to simulate the behavior of a domain controller via MS-DRSR and obtain credentials from another domain controller. In this article I will give an overview of DCSync attacks, how to perform them, and how to remediate them.
Overview AS-REP roasting is a technique that enables us to steal the password hashes of accounts without Kerberos pre-authentication enabled. In this article I will show how to perform an AS-REP roast attack.
Overview DNS zone transfers can give an attacker the keys to the DNS castle so to speak. Although this vulnerability is ancient and rather rare these days it is still important to know how zone transfers work and how to prevent unauthorized transfers.