Open in app

Sign in

Write

Sign in

ARZ101
ARZ101

566 Followers

Home

About

Oct 29

Vulnlab — Delegate

Delegate is a medium rated machine which consisted of enumerating smb shares to find credentials of a user which had GenericWrite over a user object which was abused through Targeted Kerberoasting, having SeEnableDelegation privilege this lead to Unconstrained Delegation and then performing DCsync. PORT STATE…

Ctf

5 min read

Vulnlab — Delegate
Vulnlab — Delegate
Ctf

5 min read


Oct 27

Vulnlab — Push

Push, a hard rated active directory chain, involved obtaining credentials from FTP, having write access to smb share, placing the configuration and DLL file for abusing clickonce application to gain a shell on MS01, enumerating the domain to find about SCCM agent deployed on system, coercing authentication through client push…

Ctf

9 min read

Vulnlab — Push
Vulnlab — Push
Ctf

9 min read


Oct 7

HackTheBox — PC

PC, an easy machine involved enumerating gRPC services, where a method vulnerable to SQLi, giving us the credentials for sau user, escalating privileges by port forwarding a login page on port 8000 which had pyLoad running vulnerable to CVE-2023–0297 which is a pre-authentication code execution, giving us the root shell. NMAP …

Ctf

4 min read

HackTheBox — PC
HackTheBox — PC
Ctf

4 min read


Sep 9

Vulnlab — Baby2

Baby2, a medium rated machine involved enumerating smb shares to find a logon script, having the credentials, this script can be modified to get a shell as Amelia , who belongs to a group that had WriteDACL on Gpoadm , granting full control over gpoadm and changing the account’s password…

Ctf

5 min read

Vulnlab — Baby2
Vulnlab — Baby2
Ctf

5 min read


Sep 1

HackTheBox — MointorsTwo

Monitors Two involved exploiting cacti which was vulnerable to un-aunthenticated remote code execution (CVE-2022–46169) which returns a shell as www-data in a docker container, escalating privileges to root through capsh on the container and then getting root on the host by abusing CVE-2021-41091, which is a flaw in docker engine…

4 min read

HackTheBox — MointorsTwo
HackTheBox — MointorsTwo

4 min read


Sep 1

Vulnlab — Retro

Retro, an easy rated machine, involved enumerating smb shares to find an account having a weak password, further finding a note about pre-created computer account having enrollment rights on a template allowing to request a certificate on behalf of any other user dubbed as ESC1 template attack. NMAP PORT…

Ctf

4 min read

Vulnlab — Retro
Vulnlab — Retro
Ctf

4 min read


Aug 24

HackTheBox — OnlyForYou

OnlyForYou, a medium rated machine involved enumerating vhost to find an application which gives us the ability to download the source which was vulnerable to LFR (Local File Read) which leads to reading nginx config to find the root directory of the application and reading the source code of the…

Ctf

6 min read

HackTheBox — OnlyForYou
HackTheBox — OnlyForYou
Ctf

6 min read


Aug 21

Vulnlab — Lustrous

Lustrous, a medium chain AD machine involved two machines, LusMS and LusDC , from LusMS, accessing the ftp share there were usernames which out of which ben.cox didn’t require any pre-authentication, resulting in AS-REP roasting , having remote access to LusMS, local administrator password found in a form of secure…

Ctf

8 min read

Vulnlab — Lustrous
Vulnlab — Lustrous
Ctf

8 min read


Aug 16

Vulnlab — Intercept

Intercept, a hard rated chain machine involved two machines, WS01 and DC01 , on WS01 coercing NTLM authentication by uploading different file extensions to grab the hash of the user, performing Resource Based Constrained Delegation (RBCD) by utilizing WebDAV and PetitPotam to relay WS01’s hash through LDAP, abusing GenericAll to…

Active Directory

8 min read

Vulnlab — Intercept
Vulnlab — Intercept
Active Directory

8 min read


Aug 14

Vulnlab — Reflection

Reflection is a medium Active Directory chain which consists of three machines, MS01, WS01 and DC01 , from MS01, MSSQL staging credentials were found from smb share, which lead to relaying the NTLM hash on DC01’s smb shares, where the service account had access to the prod share containing credentials…

Ctf

9 min read

Vulnlab — Reflection
Vulnlab — Reflection
Ctf

9 min read

ARZ101

ARZ101

566 Followers

Smol Pentester| OSCP | CTF Player | UwU

Following
  • Nairuz Abulhul

    Nairuz Abulhul

  • cyberCypher🕵️‍♂️

    cyberCypher🕵️‍♂️

  • CyberJunnkie

    CyberJunnkie

  • Alex Rodriguez

    Alex Rodriguez

  • CyberPri3st

    CyberPri3st

See all (42)

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams