Shuciran Pentesting Notes

Java Source Code Review

Java Reconnaissance A quick Google search leads us to a page explaining file extensions, which states that the .do extension is typically a URL mapping scheme for compiled Java code. HTTP Routing...

Intelligence (Medium)

Host entries: 10.10.10.248 intelligence.htb dc.intelligence.htb If Active Directory => NTP Synchronization with the domain controller. Content Information Leakage Kerberos Enumeration...

BloodHound Vector Attacks

ReadLAPSPassword We can use the laps.py utility to read LAPS passwords from outside the machine; all we need is valid credentials: python3 laps.py -u JDgodd -p 'JDg0dd1s@d0p3cr3@t0r' -d streamio.htb LAP...

Tentacle (Hard)

Host entries 10.10.10.224 realcorp.htb If Active Directory => NTP Synchronization with the domain controller. Content DNS Enumeration (dnsenum) SQUID Proxy WPAD Enumeration OpenSMTPD...

Chirpy Markdown

This post is to show Markdown syntax rendering on Chirpy, you can also use it as an example of writing. Now, let’s start looking at text and typography. Titles H1 - heading H2 - heading H3 - h...

AV Evasion Techniques

Placing files in writable paths The following folders are writable by normal users by default (this depends on the Windows version; the list is from W10 1803) C:\Windows\Tasks C:\Windows\Temp C:\windows\tra...

S3 Buckets

Passive Enumeration Domain.Glass Third-party providers such as domain.glass can provide information about the company’s infrastructure. GrayHatWarfare We can do many different searches, disco...

S3 Buckets

Basic Enumeration The site flaws.cloud is hosted as an S3 bucket. This is a great way to host a static site, similar to hosting one via GitHub Pages. Some interesting facts about S3 hosting: When ...

Fulcrum (Insane)

Host entries 10.10.10.62 upload.fulcrum.local dc.fulcrum.local If Active Directory => NTP Synchronization with the domain controller. Content API Enumeration - Endpoint Brute Force Advan...

Anubis (Insane)

Host: 10.10.11.102 windcorp.htb www.windcorp.htb If Active Directory => Synchronize your NTP with the domain controller: #Note This command does not work correctly on this machine, we circumven...