Posts

This machine has a webs server that has unauthenticated access with an IDOR (Insecure Direct Object Reference) vulnerability. By changing the number at the end of the URL, you can find a PCAP file with cleartext FTP traffic containing credentials. Read more

I began this lab by running Nmap to identify open TCP and UDP ports on the target system. During the scan, I noticed that UDP port 500 was open, which immediately suggested the presence of an IPsec/IKE VPN service. Given Read more

This lab came with Active Directory creds to simulate an assumed breach assessment. I started by checking the credentials with Netexec to confirm they worked. Next I ran Bloodhound-ce-python to collect Active Directory data for Bloodhound. Looking at the user Read more

I started with an nmap scan for all TCP ports and the top UDP ports. This one looks like an Active Directory Domain Controller. Added target hostnames to /etc/hosts Looking through the SMB shares, I found one “support-tools” that is Read more

This box took a ton of troubleshooting and resets for the privilege escalation. The web server kept crashing but after many attempts, I finally got it finished. I start things off with a port scan for all 65,535 TCP ports Read more

To begin my enumeration, I performed a port scan of both TCP and UDP ports using Nmap. This initial step allowed me to establish a clear picture of the services that were exposed and set the foundation for the rest Read more

I began the engagement by performing a full TCP and UDP port scan with Nmap to identify open services running on the target. A SYN scan was used on all TCP ports for speed and stealth, while service detection and version enumeration Read more