Latest Write-ups

HackTheBox - Active

Enumeration

Nmap Scan

Comprehensive port scan revealed a Windows Server 2008 R2 Domain Controller:

nmap -sS -sC -A -T4 -oN first.scan -p- 10.10.10.100

Key Services:

Port 53: DNS
Port 88: Kerberos
Port 135: MSRPC
Port 139/445: SMB/NetBIOS
Port 389/636: LDAP
Port 3268/3269: Global Catalog

Domain identified: active.htb

SMB Enumeration

Share Discovery

smbclient -L //10.10.10.100

Accessible shares (anonymous login):

NETLOGON
Replication
SYSVOL
Users

Replication Share Access

smbclient //10.10.10.100/Replication

Downloaded entire share recursively:


HackTheBox - Escape

Enumeration

Starting with a comprehensive nmap scan to discover all open ports and services:

sudo nmap -sS -sC -A 10.10.11.202 -T4 -oN first.scan -p- -Pn

Key Findings

The scan reveals a Windows Domain Controller running multiple services:

Port 53: DNS
Port 88: Kerberos
Port 389/636: LDAP (Domain: sequel.htb)
Port 445: SMB
Port 1433: Microsoft SQL Server 2019
Port 5985: WinRM

Domain identified: sequel.htb with hostname dc.sequel.htb

SMB Enumeration

Checking SMB shares as a guest user:


HackTheBox - Mailing

Enumeration

Starting with a comprehensive nmap scan:

sudo nmap -sS -sC -A 10.10.11.14 -T4 -oN first.scan -p-

Key Findings

The scan reveals a Windows server running hMailServer with multiple mail-related services:

Port 25/587: SMTP (hMailServer)
Port 80: HTTP (Microsoft IIS 10.0) - redirects to mailing.htb
Port 110: POP3 (hMailServer)
Port 143/993: IMAP (hMailServer)
Port 445: SMB
Port 465: SSL/SMTP
Port 5985: WinRM

Domain identified: mailing.htb

Web Enumeration

Local File Inclusion Discovery

When downloading a PDF from the website, the URL structure reveals a potential LFI vulnerability:


Proving Grounds - Jacko

Box Overview

Jacko is a Windows machine from Offensive Security’s Proving Grounds demonstrating H2 Database exploitation for remote code execution and privilege escalation via SeImpersonate token abuse.

Difficulty: Intermediate (though arguably easier)

Enumeration

Nmap Scan

sudo nmap -sS -sC -A [TARGET_IP] -T4 -oN first.scan -p-

Key ports identified:

Port 8082 - H2 Database Console (web interface)
Port 22 - SSH
Additional Windows services

H2 Database Console - Port 8082

Accessing http://[TARGET_IP]:8082 reveals the H2 Database Console - a web-based SQL interface.


Proving Grounds - Access

Box Overview

Access is a Windows Active Directory machine from Offensive Security’s Proving Grounds featuring file upload bypass, Kerberoasting attacks, and privilege escalation via SeManageVolumePrivilege exploitation.

Domain: access.offsec

Enumeration

Nmap Scan

sudo nmap -sS -sC -A 192.168.229.187 -T4 -oN first.scan -p-

Open Ports:

53/tcp - DNS
80/tcp - HTTP (Apache 2.4.48 - XAMPP)
88/tcp - Kerberos
135/tcp - MSRPC
139/445/tcp - SMB
389/636/tcp - LDAP
5985/tcp - WinRM
9389/tcp - .


Proving Grounds - Squid

Box Overview

Squid is a Windows machine from Offensive Security’s Proving Grounds featuring Squid proxy enumeration, PHPMyAdmin exploitation, and privilege escalation through SeImpersonate token abuse using FullPowers and PrintSpoofer.

Enumeration

Nmap Scan

sudo nmap -sS -sC -A 192.168.229.189 -T4 -oN first.scan -p-

Open Ports:

135/tcp - Microsoft Windows RPC
139/tcp - NetBIOS-SSN
445/tcp - SMB
3128/tcp - Squid HTTP Proxy 4.14 ✅
49666-49667/tcp - Microsoft Windows RPC

Squid Proxy Enumeration

Port 3128 is running Squid Proxy - a caching and forwarding HTTP proxy.
