CyberSecLabs – Secret

Hacking, privilege escalation, smb, vulnerability, Windows
Greetings everyone and happy Friday! Welcome back to another walkthrough of a system hosted on the CyberSecLabs platform! The machine we'll be attacking today is called Secret, so let's jump right in! We'll start off by scanning the host with Nmap: So we have quite a few ports open here, and a lot to work with! Right off the bat, we should be focused on port 445 which is SMB. Let's start probing at that port to see if we can find any additional information. We'll start by using a tool called smbclient to enumerate possible shares. We can do this by specifying the "-L" switch: When prompted for a password, we can simply press enter to see if we can list the shares without providing any credentials. For…

CyberSecLabs – Unattended

Hacking, http, metasploit, meterpreter, privilege escalation, vulnerability, Windows
Greetings everyone! Today, we'll be attacking a machine called Unattended on a platform called CyberSecLabs! So without further ado, let's jump right into it! As always, we'll start off with our trusty nmap scan! So we see a few ports open that we can start probing. We may as well start off by checking port 80 and see what we can find there! Let's plug the IP address into a web browser and see what we're greeted with. Under "Server Information", we see it displays HttpFileServer 2.3 (also noted in our nmap scan!). Let's click on it and see where it brings us. Interesting! Let's see if there are any vulnerabilities we can exploit pertaining to Rejetto. Time to fire up Metasploit! Perfect! We have our exploit selected! But let's…

Exploiting ZeroLogon!

privilege escalation, remote access, vulnerability
Greetings everyone! In today's post, we'll be exploring the ZeroLogon vulnerability and demonstrating just how easy it is to exploit! What Is It? The ZeroLogon vulnerability, tracked as CVE-2020-1472, is an authentication bypass vulnerability, which allows for privilege escalation, in the Netlogon Remote Protocol (MS-NRPC), a remote procedure call (RPC) interface that Windows uses to authenticate users and computers on domain-based networks. According to a blog post on Secura's website, Zerologon takes advantage of a weak cryptographic algorithm used in the Netlogon authentication process. This bug allows an attacker to manipulate the Netlogon authentication procedures and: impersonate the identity of any computer on a network when trying to authenticate against the domain controller; disable security features in the Netlogon authentication process; change a computer's password on the Domain Controller's Active Directory…