In this walk through, we will be going through the Breach room from Vulnlab. This room is rated as Medium on the platform and it consist of capturing of a user NTLM hash by creating documents that a domain user will likely open in a SMB share. Using the captured credentials, performed Kerberoasting to get […]
In this walk through, we will be going through the Baby 2 room from Vulnlab. This room is rated as Medium on the platform and it consist of exploitation via a powershell script in a SMB share to get initial access on the target. For Privilege Escalation, First Degree Group Membership abuse is required to
In this walk through, we will be going through the Baby room from Vulnlab. This room is rated as Easy on the platform and it consist of extensive LDAP Enumeration to get potential password. Spraying of it reveals STATUS_PASSWORD_MUST_CHANGE error which have to be abused to get initial foothold. For Privilege Escalation, abuse of SeBackupPrivilege
In this walk through, we will be going through the Zipper room from Proving Grounds. This room is rated as Hard on the platform that consists of LFI exploitation via PHP Phar filters in order to get the initial foothold on the target. For the privilege escalation, abuse of a cron job running the 7z
In this walk through, we will be going through the Twiggy room from Proving Grounds. This room is rated as Easy on the platform and it consist of exploitation of CVE-2020-11652 and CVE-2020-11651 in Salt API 3000 in order to get root. So, let’s get started without any delay. Machine Info: Title Twiggy IPaddress 192.168.177.62
In this walk through, we will be going through the Stapler room from Proving Grounds. This room is rated as Intermediate on the platform that has two or more routes of exploitation. One is a direct vulnerability exploitation on a vulnerable Samba server and other is through LFI on a wordpress installation via a vulnerable
In this walk through, we will be going through the Squid room from Proving Grounds. This room is rated as Easy on the platform and it consist of enumeration of Squid Proxy in order to get the initial foothold on the target. For the privilege escalation, Fullpowerexploit is used in conjunction of the SeImpersonatePrivilege abuse
In this walk through, we will be going through the RubyDome room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of Ruby application via CVE-2022-25765 for the initial foothold. For Privilege Escalation, abuse of sudo misconfiguration on custom binary is required to get root. So, let’s
In this walk through, we will be going through the Resourced room from Proving Grounds. This room is rated as Intermediate on the platform and it consist of extensive LDAP enumeration to find out low hanging fruit for initial compromise. Post that, we have to abuse the Resource-Based Constrained Delegation privilege to get Domain Admin.
In this walk through, we will be going through the pyLoader room from Proving Grounds. This room is rated as Intermediate on the platform and it consists of exploitation of pyLoad via CVE-2023-0297 to get root on the target. So, let’s get started without any delay. Machine Info: Title pyLoader IPaddress 192.168.169.29 Difficulty Intermediate OS
