Active Directory, Reverse Engineering & Unintended Solutions - Pivotapi @ HackTheBox
We are solving Pivotapi, a 50-point Windows machine on HackTheBox. This one involves some reverse engineering, MSSQL, and Active Directory attacks such as Kerberoasting and AS-REP Roasting, along with various misconfigurations. At the end, we will explore some unintended ways to root this box.
Notes & Tools
- https://github.com/zcgonvh/EfsPotato
- https://github.com/itm4n/PrintSpoofer
- https://github.com/antonioCoco/RoguePotato
- https://twitter.com/0gtweet/status/1303427935647531018
- https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks
- https://github.com/xct/SeManageVolumeAbuse
This post is licensed under CC BY 4.0 by the author.