HackTheBox Cronos Walkthrough

by Vince

As I mentioned previously, I've been spending time on HackTheBox.  I've gone through about 12 machines in both the Active and Inactive areas.  A lot of what I'm finding so far is more along the lines of situations you wouldn't find in the real world.  That said, it's a great way to add technical chops and acquire more critical thinking skills.  Which is another way of saying I do a lot of head banging and Googling.  

The other day, I stumbled across Cronos, which is a retired box, and there are several reasons why I decided to write about it.  Rather than spoil it, I will mention those reasons when I get to them, but let me summarize by saying that it's a bit more real world than what you typically see.


PowerShell: Account Lockout Email Notification

by Vince

We deal with small to medium-sized businesses, which means we might not have a budget for a thousand-plus-dollar Active Directory auditing tool.  But maybe we only want a subset of those tools, and we can script some of them in PowerShell.  For example, assuming you have a lockout policy set up in Active Directory (you should!), the point is to stop someone from guessing passwords on your accounts.  Wouldn't you like to know if someone is attempting to guess passwords on your accounts?

This script can be added to the Task Scheduler, and I would set up its frequency based on your lockout duration.

A few things to note about this script --


Python Script: CVE 2018-16299

by Vince

Sort of an odd one, I'm not exactly sure why though.  I wrote this up to exploit an LFI vulnerability in the Localize My Post plugin for WordPress.  You populate the path.txt file with your typical goodies: /etc/passwd, /etc/hosts, etc.  Each on its own line, of course.  I also included /var/www/html/wp-config.php, but for some reason it wouldn't grab it.  I thought it was some sort of protection mechanism, but as I looked around, including in the Apache log file, it was getting 200 OK.  I moved the file into /etc/ and it works, but in place or in /tmp, no luck.  Regardless, it still grabs l00t; just change the IP address.  You can just as easily use curl as well; it's just a bit quicker if you're trying to grab multiple files at once.
