K2 part 3
Finally, we reached The Summit, the final stage of the challenge. Using the Administrator hash from Middle Camp, we gained a foothold. By hijacking a script, we obtained a shell as another user. From there, we exploited our rights over the Domain Controller (DC) to perform a Resource-Based Constrained Delegation (RBCD) attack. This allowed us to escalate our privileges to the Administrator user and conquer the challenge. Nmap: As always, we start off with an Nmap scan # Nmap 7.94SVN scan...
K2 part 2
Welcome to Middle Camp, where we continue from part one. Using credentials found at Base Camp, we established a foothold in this new area. From here, we brute-forced the password of another user, gaining more access. This allowed us to change the password of a member in the Backup Operators group, giving us the right permissions to proceed. We then dumped registry files to collect password hashes. Finally, using these hashes, we escalated our privileges and successfully obtained a shell as...
K2 part 1
This is part one of the K2 challenge on TryHackMe, where we began our journey at Base Camp, targeting a web application. Through fuzzing, we discovered several virtual hosts and exploited an XSS vulnerability in one of them, allowing us to steal a cookie and access another host. We then leveraged a SQL injection vulnerability to extract credentials from the database, using one of these credentials to gain an SSH shell. While navigating as this user, we found a password in one of the web...