The process begins by finding a reverse shell present on the box to get a reverse shell. Then, it involves pivoting to another user to own user using Lua. Finally, by exploiting a cleanup script running as root, we can obtain the root shell. Nmap scan Usually I start with…
Monteverde is a Medium Windows machine that features Azure AD Connect. The domain is enumerated and a user list is created. Through password spraying, the SABatchJobs service account is found to have the username as a password. Using this service account, it is possible to enumerate SMB Shares on the…
OpenAdmin is an easy difficulty Linux machine that features an outdated OpenNetAdmin CMS instance. The CMS is exploited to gain a foothold, and subsequent enumeration reveals database credentials. These credentials are reused to move laterally to a low privileged user. This user is found to have access to a restricted…