AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Anubis 2 pc download3/12/2024 ![]() ![]() Nmap found five open TCP ports, NetBios (135), HTTPS (443), SMB (445), and two ports related to RPC (593 and nmap -p-min-rate 10000 -oA scans/nmap-alltcp 10.10.11.102 Then I’ll go back and do it again using PoshADCS and Rubeus all on Anubis. I’ll show how to do this the more manual way, getting the certificate and then authenticating with Kerveros from my Linux VM. I’ll use that control to add smart card authentication as a purpose for the template, and create one for administrator. To escalate, I’ll find a certificate template that the current user has full control over. I’ll exploit these files to get execution and a foothold on the host. That account provides SMB access, where I find Jamovi files, one of which has been accessed recently. That server is handling software installs, and by giving it my IP, I’ll capture and crack the NetNTLMv2 hash associated with the account doing the installs. In the container I’ll find a certificate request, which leaks the hostname of an internal web server. ![]() Anubis starts simply enough, with a ASP injection leading to code execution in a Windows Docker container.
0 Comments
Read More
Leave a Reply. |