I've been doing hackthebox Mantis and trying to figure out the solution for this.
https://app.hackthebox.com/machines/Mantis
My main 2 references for any legacy box in HTB are ippsec and 0xdf. However, in both solutions, not much explanation is given on how they found this in the first place.
0xdf - https://0xdf.gitlab.io/2020/09/03/htb-mantis.html#shell-as-system
After striking out on more exploitation, I started to Google a bit, and eventually found this blog post about MS14-068. Basically it’s a critical vulnerability in Windows DCs that allows a simple user to get a Golden ticket without being an admin. With that ticket, I am basically a domain admin.
ippsec - https://www.youtube.com/watch?v=VVZZgqIyD0Q&t=3310s
55:10 - Intended Route - Forging a Kerberos Ticket MS14-068
He simply went to Google and searched for "knock pass Kerberos exploitation". In the real world, how do you identify this kind of keyword to search for? Or do you simply try any CVEs available out there one by one?
from hacking: security in practice https://ift.tt/d0TriqB