htb
windows
active-directory
gpp-decrypt
kerberoasting
smb
Enumeration Nmap Scan Comprehensive port scan revealed a Windows Server 2008 R2 Domain Controller:
nmap -sS -sC -A -T4 -oN first.scan -p- 10.10.10.100 Key Services:
Port 53: DNS Port 88: Kerberos Port 135: MSRPC Port 139/445: SMB/NetBIOS Port 389/636: LDAP Port 3268/3269: Global Catalog Domain identified: active.htb
SMB Enumeration Share Discovery smbclient -L //10.10.10.100 Accessible shares (anonymous login):
NETLOGON Replication ? SYSVOL Users Replication Share Access smbclient //10.10.10.100/Replication Downloaded entire share recursively:
Read more ?proving-grounds
windows
active-directory
file-upload
htaccess
kerberoasting
semanagevolume
privilege-escalation
Box Overview Access is a Windows Active Directory machine from Offensive Security’s Proving Grounds featuring file upload bypass, Kerberoasting attacks, and privilege escalation via SeManageVolumePrivilege exploitation.
Domain: access.offsec
Enumeration Nmap Scan sudo nmap -sS -sC -A 192.168.229.187 -T4 -oN first.scan -p- Open Ports:
53/tcp - DNS 80/tcp - HTTP (Apache 2.4.48 - XAMPP) 88/tcp - Kerberos 135/tcp - MSRPC 139/445/tcp - SMB 389/636/tcp - LDAP 5985/tcp - WinRM 9389/tcp - .
Read more ?