Blog

Introduction 🖥️ Visual is a 2019 Windows Server, vulnerable to remote code execution through a misconfigured VS compilation service. After gaining initial access, users are able to pivot to the service account of the locally running web server. Once full privileges have been restored to the service account, users are able to perform a token impersonation attack via the EFS Potato exploit. Source: HackTheBox Scanning/Enum 🔍 Starting off we begin with a port scan. This scan is quick but it makes quite a bit of noise so do keep that in mind. ...

Introduction Querier is a mid-level Windows box focusing on information disclosure, capturing and cracking Net-NTLMv2 hashes, and weak service permissions. This is a great box for anyone looking to practice their enumeration and Windows priv esc skills. Okay, let’s go! Source: Hackthebox Scanning/Enumeration Let’s kick things off by running a network scan using Nmap. I’ll start with a simple scan just to get a feel for what is on this box. ...