UV is the hot new tool among Python developers. It addresses a ton of issues in the Python ecosystem, from packaging, project management, tool installation, and virtual environment management. A lot of the tutorials out there are for developers. In most of the roles I’ve worked in information security, I’ve been much more a user of Python than a developer. This post is all about how to use UV to install and run Python applications and scripts.| 0xdf hacks stuff
Vintage is another pure AD box, this time at Hard level. I’ll start with creds, and use them to collect Bloodhound data, which shows a computer object that’s a member of the Pre-Windows 2000 Compatible Access group. This means I can guess it’s password, and use that machine to get the GMSA password for a service account. I’ll use that access to enable a disabled service account and perform a targeted Kerberoast attack on it. I’ll spray that password to get access as a user and the f...| 0xdf hacks stuff
Administrator is a pure Active Directory challenge. I’ll start with creds for a user, and use them to collect Bloodhound data on the domain. I’ll find that I can modify a user’s password, and that user can modify another user’s password. That user has access to an FTP share where I’ll find a Password Safe file. I’ll crack the password to recover more passwords, pivoting to the next user. This user has GenericWrite over another user, which I’ll abuse with a targeted Kerberoasting...| 0xdf hacks stuff
There are little clues that can be gathered when first approaching a target as to the operating system and version. This cheat sheet is meant to showcase three methods for pulling information from initial scans. First I’ll look at SSH and webserver application versions and use them to map to OS versions. Then I’ll look at ports that are commonly present on Windows DCs and clients. Finally, I’ll look at IP packet TTL values, and how they can identify an OS, as well as virtualized systems.| 0xdf hacks stuff
Blazorized in a Windows-focused box, starting with a website written using the Blazor .NET framework. I’ll reverse a DLL that comes from the server to the browser to find a JWT secret and use it to get access to the admin panel. There I’ll abuse SQL injection to get execution and a shell. To pivot to the next user, I’ll abuse the WriteSPN privilege to perform a targeted Kerberoast attack. Then I’ll abuse permissions to write another user’s login script. Finally, I’ll abuse the Get...| 0xdf hacks stuff