Home
Mayfly
Cancel

GOAD - part 10 - Delegations

On the previous post (Goad pwning part9) we done some lateral move on the domain. Now let’s try some delegation attacks. Here i will just demonstrate the exploitation, if you want to understand th...

Active Directory Mindmap Upgrade

The v2022_11 AD mindmap is now available : Full view is available on orange cyberdefense mindmap site : https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg Upgrad...

GOAD - part 9 - Lateral move

In the previous post (Goad pwning part8) we tried some privilege escalation techniques. Today we will talk about lateral move. Lateral move append when you already pwned a computer and you move fro...

GLPI htmlawed (CVE-2022-35914)

TL;DR; Infos On a recent pentest we faced an interesting scope with full up to date products and without any credentials. After spend some time on bruteforce dns, folders, all the login form ...

GOAD - part 8 - Privilege escalation

In the previous post (Goad pwning part7) we tried some attacks with MSSQL on the domain. This time we will get a web shell on IIS and try some privilege escalation techniques. IIS - webshell T...

GOAD - part 7 - MSSQL

In the previous post (Goad pwning part6) we tried some attacks with ADCS activated on the domain. Now let’s take a step back, and go back on the castelblack.north.sevenkingdoms.local to take a look...

GOAD - part 6 - ADCS

In the previous post (Goad pwning part5) we tried some attacks with a user account on the domain. On this part we will try attacks when an ADCS is setup in the domain. First we will use petitpotam ...

GOAD - part 5 - exploit with user

In the previous post (Goad pwning part4) we played with relay ntlm. During this article we will continue to discover what can be done using a valid domain account Here we will only try samAccoun...

GOAD - part 4 - poison and relay

In the previous post (Goad pwning part3) we start to dig on what to do when you got a user account. Before start exploiting the VMs with a user account, we will just step back to the state (without...

GOAD - part 3 - enumeration with user

We found some users on Goad pwning part2, now let see what we can do with those creds. User listing When you get an account on an active directory, the first thing to do is always getting th...