Introduction

Getting back to CTF solving after a long break is a difficult task. So, I decided to proceed with an EASY challenge, and VulnHub was the obvious choice to find one. In a few searches, I found a perfect machine to start with - 'The Planets: Mercury'. This boot2root machine had 2 flags: USER & ROOT. The USER flag can be obtained by SQLi ==> Creds ==> SSH ==> FLAG. The ROOT flag is where an interesting PrivEsc lies. Hope you find this writeup interesting & useful!

Information Gathering

Port Scan: Nmap

To begin reconnaissance, let's find the open ports with Nmap, with service version enumeration:

Port 8080

So this looks like a simple page with no secret or hint. Let's try accessing some common directories: Visiting the 'admin' directory, we got the error page. This happened because the site is built on Django with Debug set to True. Luckily for us, the URL configuration is reflected on the error page. Let'
By Latish Danawale -
In this post, I am going to share a cheatsheet which you can use while doing domain enumeration in an Active Directory environment. Let's begin.

Always enumerate the following things first: Users, Computers, Domain Administrators, Enterprise Administrators, Shares.

[*] Import Powerview
    https://github.com/PowerShellMafia/PowerSploit

[*] Get current domain
    Get-NetDomain

[*] Get object of another domain
    Get-NetDomain -Domain test.dc.com

[*] Get domain SID for the current domain
    Get-DomainSID

[*] Get domain policy for the current domain
    Get-DomainPolicy
    (Get-DomainPolicy)."system access"

[*] Get Domain Controllers for the current domain
    Get-NetDomainController

[*] Get a list of users in the current domain
    Get-NetUser

[*] Get list of all properties for users in the current domain
    Get-UserProperty
    Get-UserProperty -Properties pwdlastset
    Get-UserProperty -Properties logoncount
    Get-UserProp