[roothackinwithpj131 ~]$

Latest Write-ups

tutorial c2 mythic active-directory red-team attack-chain

Mythic C2 - Full Active Directory Attack Chain

Mythic C2 Framework - Complete Active Directory Attack Chain Full demonstration of using Mythic C2 framework to execute a complete Active Directory attack chain, from initial access to domain compromise. What is Mythic? Mythic is a collaborative, multi-platform Command & Control (C2) framework designed for red team operations. It provides a web-based interface for managing agents, tracking operations, and executing complex attack chains across enterprise environments. Attack Chain Overview This tutorial demonstrates a complete Active Directory compromise using Mythic C2:

Read more ?
htb windows active-directory gpp-decrypt kerberoasting smb

HackTheBox - Active

Enumeration Nmap Scan Comprehensive port scan revealed a Windows Server 2008 R2 Domain Controller: nmap -sS -sC -A -T4 -oN first.scan -p- 10.10.10.100 Key Services: Port 53: DNS Port 88: Kerberos Port 135: MSRPC Port 139/445: SMB/NetBIOS Port 389/636: LDAP Port 3268/3269: Global Catalog Domain identified: active.htb SMB Enumeration Share Discovery smbclient -L //10.10.10.100 Accessible shares (anonymous login): NETLOGON Replication ? SYSVOL Users Replication Share Access smbclient //10.10.10.100/Replication Downloaded entire share recursively:

Read more ?
htb windows active-directory mssql responder

HackTheBox - Escape

Enumeration Starting with a comprehensive nmap scan to discover all open ports and services: sudo nmap -sS -sC -A 10.10.11.202 -T4 -oN first.scan -p- -Pn Key Findings The scan reveals a Windows Domain Controller running multiple services: Port 53: DNS Port 88: Kerberos Port 389/636: LDAP (Domain: sequel.htb) Port 445: SMB Port 1433: Microsoft SQL Server 2019 Port 5985: WinRM Domain identified: sequel.htb with hostname dc.sequel.htb SMB Enumeration Checking SMB shares as a guest user:

Read more ?
proving-grounds windows active-directory file-upload htaccess kerberoasting semanagevolume privilege-escalation

Proving Grounds - Access

Box Overview Access is a Windows Active Directory machine from Offensive Security’s Proving Grounds featuring file upload bypass, Kerberoasting attacks, and privilege escalation via SeManageVolumePrivilege exploitation. Domain: access.offsec Enumeration Nmap Scan sudo nmap -sS -sC -A 192.168.229.187 -T4 -oN first.scan -p- Open Ports: 53/tcp - DNS 80/tcp - HTTP (Apache 2.4.48 - XAMPP) 88/tcp - Kerberos 135/tcp - MSRPC 139/445/tcp - SMB 389/636/tcp - LDAP 5985/tcp - WinRM 9389/tcp - .

Read more ?