Bastion was a fairly easy Windows box that involved SAM files and a vulnerability in mRemoteNG. Nmap scan: Netbios is open so let's check out available shares: 'Backups' looks like a juicy target so let's check it out: That exe file looks like someone else's malware which probably means we
This was quite a challenging box for me but I learned a lot about things. One of the things I love about HackTheBox is performing attacks I read about in the news, in this case a man-in-the-middle attack with apt. Nmap results: Let's check out http: The 'Admin' link is
While digging into the usage of Responder.py, I came across this post and video [https://cqureacademy.com/blog/penetration-testing/web-proxy-auto-discovery-protocol] that I found pretty intriguing. I was aware of using Responder.py to trick users into entering their credentials as part of a WPAD attack or using it to
This was a very tough box for me and I needed a hint from the forums to complete it - the box is rated 'insane' for a reason! Nmap scan: HTTP shows: I tried HTTPS but it looks like it needs a certificate. Gobuster and dirb came up with absolutely
As I had mentioned in my OSCP writeup [https://t3chnocat.com/oscp-writeup/], one thing not covered in the course was Active Directory and Windows networks. I've been learning on my own in my home lab and wanted to share a bit of what I've learned. When it comes to pentesting