CTFs, writeups, hardware hacking, road to OSCP
A stager is a small piece of software that has only one primary task: to trigger a larger implant's download and make the initial connection between host and C2. Stagers are small and lightweight, and can help with AV evasion, as they can potentially run in memory.
Active is an easy Windows box where we find encrypted credentials in an unsecured SMB share. We can decrypt the credentials with a publicly available key to get a domain user, then perform a Kerberoasting attack against the svc_tgs account to get domain admin.
This is a guide on LLMNR poisoning. When DNS fails, a fallback protocol named LLMNR/NBT-NS is used. Resource locations are requested from the whole network, and an attacker can respond in exchange for a victim's hashed credentials.
Walkthrough of using Sliver C2 against Linux targets. Sliver is a modern CLI-based command and control (C2) framework that is extremely flexible, supporting beacons, stagers, mTLS/HTTP/DNS transport options and more!
Chemistry is an easy Linux box. After gaining a shell through an insecure file upload, we can crack internal hashed credentials found in a SQL database and move laterally into a user shell. We can then escalate privileges to root by exploiting an internal webpage's path traversal/file inclusion vulnerability to get an SSH key for root.
This is a post on SUID bits. SUID binaries run with the permissions of their owner. Consequently, root-owned SUID binaries can be run as root. In this post, we exploited the SUID bit on systemctl to run arbitrary root commands by getting a shell.