d5fa4lt

I recently completed the eCPPTv3 exam—and honestly, I don’t recommend it. While the environment was stable and the tools worked fine, the exam content was disappointing. For a certification that markets itself as “professional,” it falls short in multiple areas that matter. My BackgroundBy the time I took the eCPPTv3, I had a solid foundation in penetration testing—particularly in Active Directory attacks. I completed the CRTP certification over three years ago, regularly solve machines on...

Finally, we reached The Summit, the final stage of the challenge. Using the Administrator hash from Middle Camp, we gained a foothold. By hijacking a script, we obtained a shell as another user. From there, we exploited our rights over the Domain Controller (DC) to perform a Resource-Based Constrained Delegation (RBCD) attack. This allowed us to escalate our privileges to the Administrator user and conquer the challenge. NmapAs always, we start off with an NMAP scan # Nmap 7.94SVN scan...

Welcome to Middle Camp, where we continue from part one. Using credentials found at Base Camp, we established a foothold in this new area. From here, we brute-forced the password of another user, gaining more access. This allowed us to change the password of a member in the Backup Operators group, giving us the right permissions to proceed. We then dumped registry files to collect password hashes. Finally, using these hashes, we escalated our privileges and successfully obtained a shell as...

This is part one of the K2 challenge on TryHackMe, where we began our journey at Base Camp, targeting a web application. Through fuzzing, we discovered several virtual hosts and exploited an XSS vulnerability in one of them, allowing us to steal a cookie and access another host. We then leveraged a SQL injection vulnerability to extract credentials from the database, using one of these credentials to gain an SSH shell. While navigating as this user, we found a password in one of the web...