Posts

THE PLANETS: MERCURY Walkthrough - VulnHub

Image
Introduction Getting back to CTF solving after a looong break, is a difficult task. So, I decided to proceed with an EASY challenge, and  VulnHub  was the obvious choice to find the one. In few searches, I found a perfect machine to start with -  'The Planets: Mercury' .   This boot2root machine had 2 flags: USER & ROOT. The USER flag can be obtained by  SQLi  ==>  Creds  ==>  SSH  ==>  FLAG . The ROOT flag is were an interesting PrivEsc lie in. Hope you find this writeup interesting & useful! Information Gathering Port Scan: Nmap To begin with reconnaissance, let's find out open ports with Nmap, with service version enumerations: Port 8080 So this looks like a simple page with no secrete or hint. Let's try accessing some common directories: Visiting ' admin ' directory, we got the error page. This happened as the site is built on  Django  with  Debug  set to  True . Luckily for us, the URL Configuration is being reflected on error page. Let'

Domain Enumeration Cheatsheet

In this post, I am going to share a cheatsheet which you can use while doing domain enumeration in active directory environment. Let's begin.  Always Enumerate following things first: Users Computers Domain Administrators Enterprise Administrators Shares [*] Import Powerview https://github.com/PowerShellMafia/PowerSploit   [*] Get current domain   1. Get-NetDomain         [*] Get object of another domain 1. Get-NetDomain -Domain test.dc.com   [*] Get domain SID for the current domain 1. Get-DomainSID   [*] Get domain policy for the current domain 1. Get-DomainPolicy 2. Get-DomainPolicy."system access"   [*] Get Domain Controllers for the current domain 1. Get-NetDomainController   [*] Get a list of users in the current domain 1.   Get-NetUser [*] Get list of all properties for users in the current domain 1.   Get-UserProperty 2.   Get-UserProperty -properties pwdlastset 3.   Get-UserProperty -Properties logoncount 4.   Get-UserProp