I began the engagement by performing a full TCP and UDP port scan with Nmap to identify open services running on the target. A SYN scan was used on all TCP ports for speed and stealth, while service detection and version enumeration were enabled to gather more detailed information. In parallel, a Read more
I began by performing a full TCP and UDP port scan to enumerate available services. It looks like we are working with an Active Directory Domain Controller from the ports that are open. I was able to collect system information through an SMB null session misconfiguration, which allowed me to Read more
As always, I start off the assessment with scanning for open TCP and UDP ports. I started looking into the ActiveMQ service and did a search for version 5.15.15. This led to the CVE-2023-46604 exploit with a public RCE on GitHub. I pulled down the exploit to my attack machine Read more
Today I am working on Sauna by Hackthebox. I start out with some port scans. This is a Domain Controller so I looked into some common items such as null sessions and smb share enumeration. I did not have luck so I started enumerating the web server on port 80. Read more
I got stuck on this assessment because the target machine was not accepting the reverse shell. It turned out that I needed to set my attack box to the same time as the target machine, once that was completed, everything worked! I started the assessment with my new poet scanning Read more
I started the assessment with Nmap port scans against all TCP and the top UDP ports. On TCP port 55555, I found this service called request-baskets. I found a public exploit with SSRF (Server side request forgery). I started enumerating the exploit and was able to use the web UI Read more
To start the assessment, I start with my nmap scans to check for open TCP and UDP ports. Looks like a domain controller with a SQL service. I use the tool smbclient to check for any smb share that look interesting. The share “Public” looks good so I connect to Read more
This assessment was tough, the foothold was really demanding and helped me learn a lot. I started off with port scans using the tool Nmap for both TCP and UDP ports. The site on port 80 was a website created to determine if another website is up or not. I Read more
I started this one with an nmap scan for both TCP and UDP ports. With the Nmap results, I started enumerating port 80. With this error, I am able to enumerate the website domain name and input that information into my /etc/hosts file so my local machine and resolve the Read more
icked off the assessment with a thorough Nmap scan to discover open ports and fingerprint the services running on the Forest host. After identifying RPC on 135, I used rpcclient to connect anonymously and enumerate every domain user. I compiled the discovered usernames into a file and ran Impacket’s GetNPUsers.py Read more