Knock Knock is a Sherlock from HackTheBox that provides a PCAP for a ransomware incident.

ctf dfir forensics sherlock-knock-knock hackthebox pcap zeek pcap-nmap pcap-password-spray port-knocking knockd pcap-port-knocking ansible gonnacry

Authority is a Windows domain controller. I'll access open shares over SMB to find some Ansible playbooks. I'll crack some encrypted fields to get credentials for a PWM instance. The PWM instance is in configuration mode, and I'll use that to have it try to authenticate to my box over LDAP with plain text credentials. With those creds, I'll enumerate Active Directory Certificate Services to find they are vulnerable to ESC1, with a twist. Rather than any user being able to enroll with the template, it's any domain computer. I'll add a fake computer to the domain and use that to get a certificate for the DC. That certificate doesn't work directly, but I can use a pass-the-cert attack to dump hashes and get access as administrator.

ctf htb-authority hackthebox nmap windows iis smb netexec smbclient dig dns feroxbuster pwm ansible ansible-vault ansible2john hashcat wireshark responder evil-winrm adcs certipy esc1 ms-ds-machineaccountquota powerview addcomputer-py pass-the-cert silver-ticket