OSEP
List of HTB (Hack The Box) machines for preparing for the OSEP (PEN-300) exam
Client Side Code Execution With Office

| Attack Type | HTB Machine | Attack Used in HTB |
| --- | --- | --- |
| Phishing with Microsoft Office: RTF Document | REEL | malicious RTF Document (CVE-2017-0199) |
| Phishing with Microsoft Office: LibreOffice | RE | LibreOffice Macro |
| Phishing/Macro | REEL2 | Grab NTLMv2 with Malicious link |
| Phishing with Microsoft Office: LibreOffice | RABBIT | LibreOffice Macro |

Advanced Antivirus Evasion

| Attack Type | HTB Machine |
| --- | --- |
| Amsi Bypass | APT |
| Amsi Bypass | PivotAPI |
| Amsi Bypass | MULTIMASTER |

Application Whitelisting

| Attack Type | HTB Machine | Attack Used in HTB |
| --- | --- | --- |
| Applocker Bypass | REEL2 | Breaking out of ConstrainedLanguage Mode by creating a function |
| Applocker Bypass | GIDDY | Escaping powershell constrained mode with PSBypassCLM |
| Applocker Bypass | SEKHMET | intended way of bypassing applocker |
| Applocker Bypass | - | AppLocker Bypass COR Profiler |

Windows Credentials

| Attack Type | HTB Machine | Attack Used in HTB |
| --- | --- | --- |
| Local Windows Credentials: LSASS Dump | ATOM | Using rundll32 to create a memory dump of LSASS |
| Local Windows Credentials: LSASS Dump | BLACKFIELD | running pypykatz to extract credentials |
| Local Windows Credentials: SAM Dump | BASTION | Extracting local passwords from SAM and SYSTEM with secretsdump |
| Local Windows Credentials: LAPS | STREAMIO | Identifying and Extracting the LAPS Password |
| Local Windows Credentials: LAPS | PivotAPI | Discovering a user who can add groups to LAPS |
| Access Tokens: UAC | ARKHAM | UAC Bypass |
| Access Tokens: SeImpersonate | SCRAMBLED | Abusing SeImpersonate Privilege |
| Access Tokens: Incognito | HACKBACK | Using incognito to grab our impersonation token for HACKER user |

Linux Lateral Movement

| Attack Type | HTB Machine | Attack Used in HTB |
| --- | --- | --- |
| DevOps | SEAL | Abusing ansible playbook |
| DevOps | INJECT | Ansible enumeration and privilege escalation |
| Kerberos on Linux | TENTACLE | Configuring our attacker’s box kerberos to connect to Tentacle’s KDC, and steal keytab |
| Kerberos on Linux | CERBERUS | examine the SSSD configuration and get a domain password |
| Kerberos on Linux | SEKHMET | Dumping the sssd.ldb, Using kinit to get a kerberos ticket |

Microsoft SQL Server

| Attack Type | HTB Machine | Attack Used in HTB |
| --- | --- | --- |
| MS SQL in AD | ESCAPE | Using mssqlclient to login to access MSSQL |
| MS SQL Escalation | SCRAMBLED | enabling xp_cmdshell and getting a reverse shell |
| MS SQL Escalation | STREAMIO | Using xp_dirtree to make the MSSQL database connect back to us and steal the hash |

Active Directory Exploitation

| Attack Type | HTB Machine | Attack Used in HTB |
| --- | --- | --- |
| AD Object permission theory | REEL | Explaining Active Directory (AD) Security Objects (GenericWrite, WriteOwner, etc) |
| Abusing GenericAll | SUPPORT | Abusing GenericAll object permission |
| Abusing GenericAll, WriteDACL | MULTIMASTER | Abusing GenericAll, WriteDACL |
| Abusing GenericWrite, WriteDACL | REEL | Taking ownership and changing other user’s password |
| Kerberos Delegation | PivotAPI | Unconstrained delegation with the SQL User. Upload rubeus, use tgtdeleg |
| Kerberos Delegation | INTELLIGENCE | Unconstrained delegation |
| Kerberos Delegation | SUPPORT | RBCD |