TryHackMe Gatekeeper Walkthrough

by Vince

The description states: "Can you get past the gate and through the fire?"

Before I jump into this, I'd like to get a couple of things out of the way. First, if you're doing this box, I assume you can find your way to the binary. Second, with very few Windows buffer overflow problems on the Internet, it's nice to find another to work on those skills in a controlled environment. Add this to the short list with SLMail and Brainpan.


Kerberos Golden Tickets

by Vince

If an attacker were to get on your network, compromise the domain, and take over the krbtgt account, creating a golden ticket is an almost guaranteed method for persistence as long as you don't reset the password for that account -- twice. "The password must be changed twice to effectively remove the password history." I don't know if there's a "best practice" but according to Ping Castle, or at least its implication, we probably want to change it every 60 days.


Kerbrute

by Vince

Kerbrute: "A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication"

When running Nmap, we come across a server with open SMB ports and we might run Enum4Linux to gather information about the server. In some cases, like with more modern and hardened servers, we probably won't get a whole lot of information. But let's say when we run that Nmap scan, we see that Kerberos is running; that gives us another avenue for enumeration.
