While playing around with NTLMRelayx (part of an upcoming post) on various Windows VMs, I found I was having trouble getting a reverse Meterpreter connection over HTTPS from a Windows 7 machine to a fully updated Kali box. The problem was happening with both staged and non-staged payloads. I had
LaCasaDePapel was a little tricky for me because I had never seen one of the things needed to solve it (here's looking at you Psy Shell) and went down a rabbit hole... Nmap results: First thing I check is anonymous FTP which fails. I check http next and see something
This was a fairly straightforward box that was good fun. Nmap scan: I checked out ftp first but anonymous access was disabled. Next up was smb: While enumerating, I found that the Development share was writable. I also found a creds.txt file in the 'general' share: Those creds didn't
Netmon was an easy and fun Windows machine. Nmap results: First thing I check is ftp to see if anonymous access is allowed. It is - with full access to the entire C: drive: In C:\users\public\ we find user.txt: Transfer it over for the user flag: I
Querier was a straightforward Windows machine which I think was a fairly realistic box you might find on a typical corporate network. Nmap scan: SMB is usually low-hanging fruit so I check out what shares are available: The 'Reports' share is unsecured so I connect with smbclient and see a