<feed xmlns="http://www.w3.org/2005/Atom"> <id>https://nuts7.github.io/</id><title>nuts7's blog</title><subtitle>A blog about security, CTF writeups, researches and more</subtitle> <updated>2024-05-02T12:05:49+02:00</updated> <author> <name>nuts7</name> <uri>https://nuts7.github.io/</uri> </author><link rel="self" type="application/atom+xml" href="https://nuts7.github.io/feed.xml"/><link rel="alternate" type="text/html" hreflang="en" href="https://nuts7.github.io/"/> <generator uri="https://jekyllrb.com/" version="4.3.3">Jekyll</generator> <rights> © 2024 nuts7 </rights> <icon>/assets/img/favicons/favicon.ico</icon> <logo>/assets/img/favicons/favicon-96x96.png</logo> <entry><title>HackTheBox - Snoopy</title><link href="https://nuts7.github.io/htb-snoopy/" rel="alternate" type="text/html" title="HackTheBox - Snoopy" /><published>2023-09-19T00:00:00+02:00</published> <updated>2023-09-21T21:58:05+02:00</updated> <id>https://nuts7.github.io/htb-snoopy/</id> <content src="https://nuts7.github.io/htb-snoopy/" /> <author> <name>nuts7</name> </author> <category term="Linux" /> <summary> Snoopy is a Linux machine from the HackTheBox platform, rated Hard and released on 06 May 2023. It addresses multiple Web vulnerabilities including an LFI to extract Bind9 credentials and an XXE in the XML parsing of ClamAV’s clamscan program. In addition, it covers MiTM SSH with a connection we can trigger with a custom Mattermost command, DNS poisoning to obtain an account takeover vulnerability on Matter... 
</summary> </entry> <entry><title>HackTheBox - Rebound</title><link href="https://nuts7.github.io/htb-rebound/" rel="alternate" type="text/html" title="HackTheBox - Rebound" /><published>2023-09-19T00:00:00+02:00</published> <updated>2024-05-02T12:04:29+02:00</updated> <id>https://nuts7.github.io/htb-rebound/</id> <content src="https://nuts7.github.io/htb-rebound/" /> <author> <name>nuts7</name> </author> <category term="Windows" /> <summary> Rebound is a Windows machine, with the AD DS role installed, from the HackTheBox platform, rated Insane and released on September 09, 2023. It covers multiple techniques on Kerberos and especially a new Kerberoasting technique discovered in September 2022. It also covers ACL misconfiguration, the OU inheritance principle, SeImpersonatePrivilege exploitation and Kerberos delegations. ☺️ Port Scanni... </summary> </entry> <entry><title>ZeroLogon 101 (CVE-2020-1472)</title><link href="https://nuts7.github.io/zerologon/" rel="alternate" type="text/html" title="ZeroLogon 101 (CVE-2020-1472)" /><published>2023-07-10T00:00:00+02:00</published> <updated>2023-09-21T21:58:05+02:00</updated> <id>https://nuts7.github.io/zerologon/</id> <content src="https://nuts7.github.io/zerologon/" /> <author> <name>nuts7</name> </author> <category term="Windows" /> <summary> ZeroLogon aka CVE-2020-1472 is a vulnerability, found on 14th September 2020 by Secura researchers, that abuses the Netlogon Remote Protocol (MS-NRPC) RPC interface using an insecure cryptographic primitive. Exploitation requirements To exploit this vulnerability, the attacker only needs internal network access to reach the EPM (DCE/RPC Endpoint Mapper) of the vulnerable domain controller (DC... 
</summary> </entry> <entry><title>HackTheBox - PivotAPI</title><link href="https://nuts7.github.io/htb-pivotapi/" rel="alternate" type="text/html" title="HackTheBox - PivotAPI" /><published>2022-11-07T00:00:00+01:00</published> <updated>2023-09-21T21:58:05+02:00</updated> <id>https://nuts7.github.io/htb-pivotapi/</id> <content src="https://nuts7.github.io/htb-pivotapi/" /> <author> <name>nuts7</name> </author> <category term="Windows" /> <summary> PivotAPI is a Windows machine from the HackTheBox platform, rated Insane and released on May 08, 2021. It covers Kerberos misconfiguration, ACL, weak password cracking on a Keepass database, FTP server misconfiguration, as well as a bit of .NET reverse engineering. 😃 Port Scanning First, let’s run an nmap scan of the TCP ports: ❯ nmap -sCV -p- 10.10.10.240 -Pn --open -T5 -oN nmap PORT S... </summary> </entry> <entry><title>HackTheBox - Tentacle</title><link href="https://nuts7.github.io/htb-tentacle/" rel="alternate" type="text/html" title="HackTheBox - Tentacle" /><published>2021-06-19T00:00:00+02:00</published> <updated>2021-06-19T00:00:00+02:00</updated> <id>https://nuts7.github.io/htb-tentacle/</id> <content src="https://nuts7.github.io/htb-tentacle/" /> <author> <name>nuts7</name> </author> <category term="Linux" /> <summary> Hello everyone, today I am presenting a walkthrough of a hard HackTheBox machine. This machine required fairly thorough enumeration, familiarity with proxychains and good knowledge of the Kerberos protocol. 😀 Recon Port Scanning First, let’s run a TCP + UDP scan of all 65535 ports with the masscan tool for more speed: ❯ sudo masscan 10.10.10.224 -p1... </summary> </entry> </feed>
