Vintage is really great machine. Geiseric quality u know im saying. Before start!!!!!! Make sure the cleanup script is not cleaning ur scripts. Especially on svc_sql part Entry As is common in ...

As is common in real life Windows pentests, you will start the Administrator box with credentials for the following account: Username: Olivia Password: ichliebedich Before start i realized Entry n...

Ghost is the one of the my fav box so far it was great. Entry Before Start cat /etc/hosts 127.0.0.1 localhost 127.0.1.1 kali # The following lines are desirable for IPv6 capable host...

Entry ➜ Phantom nxc smb 10.10.96.47 SMB 10.10.96.47 445 DC [*] Windows Server 2022 Build 20348 x64 (name:DC) (domain:phantom.vl) (signing:True) (SMBv1:False) alrigh...

Entry its common Windows pentest so its starting with creds alright our target : 10.10.11.41 creds : judith.mader / judith09 This is default AD box so i will start with nxc instead of nmap ➜...

Entry ➜ rebound nxc smb 10.10.11.231 SMB 10.10.11.231 445 DC01 [*] Windows 10 / Server 2019 Build 17763 x64 (name:DC01) (domain:rebound.htb) (signing:True) (SMBv1:False)...

Entry 10.10.85.108 ➜ delegate nxc smb 10.10.85.108 SMB 10.10.85.108 445 DC1 [*] Windows Server 2022 Build 20348 x64 (name:DC1) (domain:delegate.vl) (signing:True) (SMB...

10.10.100.216 Entry nmap 22/tcp open ssh 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 464/tcp open kpasswd5 593...

10.10.171.245 10.10.171.246 those are our hosts so lets go ➜ Intercept nxc smb 10.10.171.245 SMB 10.10.171.245 445 DC01 [*] Windows Server 2022 Build 20348 x64 (name:DC0...

10.10.129.245 10.10.129.246 10.10.129.247 MS01 Look into Relaying Attacks Run Bloodhound & look into interestings ACLs WS01 Another flavour of the same ACL Dump Credentials DC0...