Vulnhub Hemisphere: Gemini Walkthrough

by Vince
in Blog
Hits: 913

The description states:  "Difficulty: Easy, Flag: 2 (user & root), Enumeration | Web Application | Privilege Escalation"

Not a complicated box by any means but it has a couple of useful tricks that you will see from time to time in CTF's.  If those are new to you, these are skills worth learning.

First we kick off with Nmap:

Read more

Vulnhub Hemisphere: Lynx Walkthrough

by Vince
in Blog
Hits: 701

The very short description sates:  "Difficulty: Easy, Flag: 2 (user & root), Enumeration | Brute Forze"

Let's start off with the obvious, we know there's going to be brute force involved.  Let me also say that if you're going to make a vulnerable machine, don't bury the password deep into rockyou because it doesn't add value to the experience, it only prolongs the process. 

Enough said, let's kick off with Nmap:

Read more

PowerShell AD Enumeration Script

by Vince
in Blog
Hits: 645

With each new tool that pops up on the Internet, there's a/v signature written within the very near future of its birth to detect and remove it.  For example, PowerSploit's PowerView which is described as:  "a PowerShell tool to gain network situational awareness on Windows domains."  Technically, there's nothing malicious about this tool as far as I can tell other than its purpose is primarily used for hacking.  When downloaded to a system with endpoint protection, the PowerView script is immediately removed.

Not that I've looked under the PowerView hood but I can imagine it's making calls to existing commands and presenting the output to us.  I'm a huge proponent of living off the land because we're using the system against itself and as far as endpoint protection, we'll go unnoticed.  That's not to say that alerts aren't written for PowerShell execution but that's a separate issue. 

Read more