Another Windows box where I’ll try username as password and find two accounts. From those I’ll get access to the SYSVOL share, where I can poison a logon script to give me a reverse shell when the user logs in. That user has control over another service account that is meant to administer GPOs. I’ll abuse the GPO to get a shell in the administrators group. | 0xdf hacks stuff
UV is the hot new tool among Python developers. It addresses a ton of issues in the Python ecosystem, from packaging and project management to tool installation and virtual environment management. A lot of the tutorials out there are for developers. In most of the roles I’ve worked in information security, I’ve been much more a user of Python than a developer. This post is all about how to use UV to install and run Python applications and scripts.
When first approaching a target, there are small clues to its operating system and version that can be gathered. This cheat sheet is meant to showcase three methods for pulling information from initial scans. First I’ll look at SSH and webserver application versions and use them to map to OS versions. Then I’ll look at ports that are commonly present on Windows DCs and clients. Finally, I’ll look at IP packet TTL values, and how they can identify an OS, as well as virtualized systems.