[ Hackache ]

Mis [notas] de hacking, [writeups] & [dolores de cabeza]

---

BreakMySSH

Muy Fácil Linux

• SSH

BreakMySSH

Fruits

Principiante Linux

• Enumeration

• Local File Inclusion

• Brute force SSH

• Sudoers

Fruits

Mirage

Hard Windows

• Unauthenticated NFS share

• Insecure Dynamic DNS Updates

• Rogue NATS Server / Traffic Capture

• Credential Leak via NATS Streams

• Kerberoasting

• Cross-Session NET-NTLMv2 Capture

• gMSA Password Disclosure

• Public-Information Attribute Write

• ESC10 (UPN Mapping / Weak CA Binding)

• DCSync

Mirage

Trust

Muy Fácil Linux

• Fuzzing

• Brute force

• Sudoers

Trust

Lower7

Low Linux

• ftp

• Shadow group

Lower7

RustyKey

Hard Windows

• Timeroasting Attack

• Active Directory ACL abuse

• Windows Group Policy Enumeration to abuse the 7-Zip Shell Extension

• Active Directory Delegations

• SPN-less Resource-Based Constrained Delegation attack

RustyKey

Horizontall

Easy Linux

• Subdomain

• Strapi RCE

• Port forwarding

• Laravel debug mode

Horizontall

Previse

Easy Linux

• EAR (Execution After Redirect)

• Abusing PHP exec()

• Hash cracking

• PATH hijacking

Previse

Brainfuck

Insane Linux

• Wordpress

• telnet

• Vigenere cipher

• RSA Decryption

Brainfuck

Joker

Hard Linux

• tftp

• squid proxy

• sudoedit

• tar

Joker

Crafty

Easy Windows

• Log4j

• Plugins

• Credenciales hardcodeadas

Crafty

Perfection

Easy Linux

• SSTI

• Remote Code Execution

• Privilegios sudo

Perfection

RedPanda

Easy Linux

• Spring Boot Framework

• SSTI

• cron job

• XXE

• Private key

RedPanda

Ghost

Insane Windows

• LDAP injection

• Gitea

• Arbitrary file read

• RCE

• Kerberos ticket

• DNS entry

• GMSA

• Golden SAML

• MSSQL

• Bidirectional trust

• Golden Kerberos ticket

Ghost

Stay in touch!

[🫡] LinkedIn # Github # HackTheBox [🫡]