Retro presents a Windows Active Directory environment with weak domain configurations and passwords. Enumerating SMB shares as a Guest user and pivoting to a Trainee user reveals sensitive operational information. The Domain Controller is vulnerable to AD CS ESC1 which is leveraged to gain Domain Admin compromising the domain controller entirely.
Retro presents a Windows Active Directory environment with weak domain configurations and passwords. Enumerating SMB shares as a Guest user and pivoting to a Trainee user reveals sensitive operational information. The Domain Controller is vulnerable to AD CS ESC1 which is leveraged to gain Domain Admin compromising the domain controller entirely.
Retro presents a Windows Active Directory environment with weak domain configurations and passwords. Enumerating SMB shares as a Guest user and pivoting to a Trainee user reveals sensitive operational information. The Domain Controller is vulnerable to AD CS ESC1 which is leveraged to gain Domain Admin compromising the domain controller entirely.
Keeper presents a simple yet interesting Linux challenge where a leaked KeePass vault and memory dump lead to full root compromise. Using CVE-2023-3278, targeted cracking, and key conversion, we obtain access and provide practical remediation recommendations.
An easy Windows box running Apache Tomcat with default credentials that can be leveraged to gain a reverse shell as nt authority\system (admin).
