2/18/2024 0 Comments Free instal Seal of EvilFor root, I’ll abuse CVE-2022-26923 by registering a fake computer with a malicious DNS hostname to trick ADCS into thinking it’s the DC. I’ll find Windows encrypted creds for the next user in a diff files stored with the TeamCity files. With that and the creds, I can log into the server and upload a diff that gets executed as part of a CI/CD pipeline. I’ll reverse the Chrome plugin to understand how the backup works, and brute force the password to recover the TOTP seed. I’ll use the file as a key to get in, and find the domain, creds, and a 2FA backup to a TeamCity server. I’ll reverse engineer the executable and find a flaw that allows me to decrypt the file, providing a KeePass DB and file. Ctf htb-coder hackthebox nmap windows smb netexec smbclient adcs teamcity reverse-engineering dotnet dotpeek youtube visual-studio keepass kpcli authenticate 2fa totp source-code javascript cicd git-diff evil-winrm bloodhound bloodhound-python CVE-2022-26923 secretsdumpĬoder starts with an SMB server that has a DotNet executable used to encrypt things, and an encrypted file.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |