Vulnhub Vegeta: 1 Walkthrough

by Vince
in Blog
Hits: 8520

The description states:  "THIS IS A MACHINE FOR COMPLETE BEGINNER , GET THE FLAG AND SHARE IN THE TELEGRAM GROUP (GROUP LINK WILL BE IN FLAG.TXT)"

I would say that's a fair assessment but I could also see this causing some problems for beginners.  In general, I think it's always good to remember that "beginner" is based on a person's level of knowledge, tools, etc. 

Assuming that a beginner is reading this post for some help, let me toss out a couple of tricks and also show how I spider out with my enumeration and then come back to what's important. 

First, we kick off with Nmap:

Read more

Windows Exploit Suggester

by Vince
in Blog
Hits: 2139

There are a ton of privilege escalation scripts that perform a wide variety of tasks but the reason why this particular tool sticks out is that it doesn't run on the target machine.  The description for Windows Exploit Suggester states:  "This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins."

Basically, we run systeminfo, save the contents into a file on our machine, and we run Windows Exploit Suggester against that file. 

Read more

PingCastle

by Vince
in Blog
Hits: 1505

PingCastle is an auditing tool and oddly, when you view their website, they don't have an actual description of the product.  The site jumps straight into the uses, features, and benefits. 

In a nutshell, PingCastle quickly generates a comprehensive assessment of the overall posture of the domain.  For example, is SMBv1 enabled?  Can we attack the network with LLMNR poisoning because we're allowing Netbios over TCP?  But it goes beyond the low hanging fruit, it gets into the granular settings for AD accounts and it makes suggestions on how to better configure the domain. 

Read more