Tag
Offensive Pentesting is one of the learning paths available on the TryHackMe platform. It is primarily designed for students preparing for the Offensive Security Certified Professional certification exam.
It contains both rooms that step the students through the various exploitation steps as well as rooms that aim to simulate a black box penetration test.
Read moreThe Windows installer is a utility which through the use MSI packages can install new software. The AlwaysInstallElevated is a Windows policy that allows unprivileged users to install software through the use of MSI packages using SYSTEM level permissions, which can be exploited to gain administrative access over a Windows machine.
This option is equivalent to granting full SYSTEM rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting.
Read moreRunas is a Windows command-line tool that allows a user to run specific tools, programs or commands with different permissions than the user’s current logon provides.
If a user’s credentials are cached in the system, the Runas command can be run using the /savecred flag which will automatically authenticate and execute the command as that user.
Read moreWindows services are sometimes configured with weak permissions linked to the service itself, or to the directory the service is being run from.
This can allow attackers to manipulate the service in order to execute arbitrary code when it starts and escalate privileges to SYSTEM.
Read moreThis is a vulnerability that manifests itself whenever the path to the executable used for a service is not surrounded by quotes.
This can be exploited to execute an arbitrary binary when the vulnerable service starts, which could allow to escalate privileges to SYSTEM
Read moreThis was an easy Windows box which involved accessing an open SMB share, decrypting a Group Policy Preference password found on the share to obtain the Administrator user’s hash which is then cracked to authenticate to the machine as SYSTEM.
Read moreThis was an easy Windows box that involved gaining initial access through a remote command execution vulnerability in the Rejetto HTTP File Server web application and exploiting a unquoted service path vulnerability in the Advanced System Care 9 application to gain SYSTEM level access
Read moreLinux-based operating systems, like most systems, have a way of scheduling the launch of programs or scripts based on certain time intervals to help automate recurring tasks. This can often become weaknesses and allow attackers to escalate privileges to root if improperly configured.
This guide will go through the main methods used to exploit scheduled tasks.
Read moreThis was a very easy Linux box which involved gaining a user shell by exploiting the really common Shellshock Linux vulnerability and escalating privileges to root by exploiting Perl which could be executed using sudo.
Read moreThis was an easy Windows box that involved extracting and cracking hashes from a Windows .vhd backup image to gain initial access and exploiting a vulnerability in mRemoteNG that allowed to decrypt stored passwords to escalate privileges to SYSTEM.
Read more