AD CS – The ‘Certified Pre-Owned’ Attacks

Overview: This post will cover the attacks detailed in the white paper produced by SpecterOps. The most well-known of these is the 'ESC8' attack, where a standard domain user can escalate to Domain Admin, given a vulnerable environment. If AD CS is a new concept to you, then I have a post covering the basics, …

HTB Cyber Apocalypse – Emoji Voting Writeup

Emoji Voting was a 2-star rated 'Web' machine. The server was vulnerable to SQL injection, which allowed for the flag to be discovered. This was a fairly laborious process, as the SQL injection was after an 'ORDER BY' statement, which increased the complexity of exploiting it. Pwning Emoji Voting: The website itself appears to be …

HTB CTF 2021 – Input as a Service Writeup

Input as a Service (Iaas) was a 1-star rated challenge from the HackTheBox Cyber Apocalypse CTF. This challenge was from the 'Misc' section, in contrast to most of the others I attempted! This challenge revolved around an input function vulnerability in a Python web server, which could be exploited to achieve an RCE. Some initial poking around …