ARZ101Vulnlab — KaijuKaiju is a hard rated AD chain, involved enumerating FTP server with default credentials to find filezilla configuration file having the…10 min read·Mar 31, 2024----
ARZ101HackTheBox — ReboundRebound involved performing as-rep roasting by bruteforcing domain users SIDs, then kerberoasting ldap_monitor account with…10 min read·Mar 29, 2024----
ARZ101Vulnlab — SidecarSidecar, a similar AD chained like intercept, involved getting a shell through a lnk file, relaying authentication from WS01 by enabling…9 min read·Mar 2, 2024----
ARZ101Vulnlab — EscapeEscape, an easy rated machine involved having windows running kiosk mode with only RDP service running, bypassing kiosk by using microsoft…5 min read·Feb 24, 2024----
ARZ101Vulnlab — TeaTea, a medium rated AD chain machine, involved having an instance of gitea running which had an active runner, being able to register a…5 min read·Feb 23, 2024----
ARZ101Vulnlab — BrunoBruno involved enumerating ftp shares to find a SampleScanner binary along with a user account which lead to AS-REP roasting, analyzing…7 min read·Dec 14, 2023----
ARZ101HackTheBox — AuthorityAuthority involved enumerating smb shares to find ansible vault credentials which on cracking gave access to an open source Password Self…6 min read·Dec 9, 2023----
ARZ101Vulnlab — DelegateDelegate is a medium rated machine which consisted of enumerating smb shares to find credentials of a user which had GenericWrite over a…5 min read·Oct 29, 2023----
ARZ101Vulnlab — PushPush, a hard rated active directory chain, involved obtaining credentials from FTP, having write access to smb share, placing the…9 min read·Oct 27, 2023----
ARZ101HackTheBox — PCPC, an easy machine involved enumerating gRPC services, where a method vulnerable to SQLi, giving us the credentials for sau user…4 min read·Oct 7, 2023----