My HTB Writeups, some in ENG and others in PT-BR.
Some writeups don't have a writeup, they only have a reference writeup.
Machine | Resume Tools or Techniques | Difficulty |
---|---|---|
Absolute | nmap, netexec, exiftool, john rules, kerbrute, impacket-GetNPUsers, john, impacket-getTGT, impacket-smbclient, bloodhound-python, bloodhound, impacket-owneredit, impacket-dacledit, net rpc, certipy, evil-winrm, pywhisker, gettgtpkinit, winpeas, krbrelay.exe, krbrelayUp.exe, Rubeus.exe, RunasCs.exe, SharpCollection, Shadow Credentials, CLSID JuicyPotato, KRB5CCNAME, Microsoft Logon Type, PKINITtools, Pass The Certificate, DACL Abuse | Insane |
Access | nmap, ftp, mdb-tools, telnet, runas, DPAPI, impacket-dpapi, SharpDPAPI | Easy |
Active | nmap, smbclient, gpp-decrypt, Kerberoasting, GetUserSPNs, hashcat | Easy |
Aero | nmap, CVE-2023-38146, CVE-2023-28252, Visual Studio | Medium |
Blackfield | nmap, smbclient, ASREPRoast, impacket-GetNPUsers, bloodhound-python, bloodhound, netexec, rpcclient, john, pypykatz, evil-winrm, SharpUp, SeBackupPrivilege, Diskshadow, Robocop, ntds.dir, system, impacket-secretsdump | Hard |
Blue | nmap, ms17_010_eternalblue, metasploit | Easy |
Chatterbox | nmap, msfvenom, icacls, winpeas, AutoLogon credentials, wmiexec | Medium |
Devel | nmap, msfvenom, searchsploit, MS11-046 | Easy |
Escape | nmap, smbmap, smbclient, impacket-mssqlclient, responder, hashcat, evil-winrm, crackmapexec, Certify.exe, openssl, Rubeus.exe | Medium |
Forest | nmap, rpcclient, ASREProasting, impacket-GetNPUsers, crackmapexec, evil-winrm, SharpHound.ps1, BloodHound, DCSync | Easy |
Grandpa | nmap, metasploit, SeImpersonatePrivilege, churrasco.exe, | Easy |
Heist | nmap, cisco config file, cisco-type-7-password-decryption, cme, Password Spray, evil-winrm, procdump64.exe, psexec | Easy |
Jeeves | nmap, ffuf, jenkins, Groovy, SeImpersonatePrivilege, JuicyPotato.exe, Villain, ADS (Alternate Data Stream), keepass2john, john, kpcli, evil-winrm, PTH (Pass The Hash), psexec | Medium |
Jerry | nmap, msfvenom, tomcat | Easy |
Legacy | nmap, nmap script vuln smb, msfvenom, ms08-067 | Easy |
Love | nmap, ffuf subdomain, SSRF, PHP RCE, Invoke-PowerShellTcp.ps1, AlwaysInstallElevated, Villain, msiexec | Easy |
Manager | nmap, netexec, kerbrute, impacket-mssqlclient, evil-winrm, certipy, Rubeus.exe | Medium |
Netmon | nmap, ftp, PRTG Network Monitor, evil-winrm, searchsploit | Easy |
Optimum | nmap, metasploit, HttpFileServer httpd 2.3, windows-exploit-suggester, Sherlock.ps1, MS16-098 | Easy |
Remote | nmap, rpcinfo, showmount, mount, Umbraco, john, Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution, SeImpersonatePrivilege, PrintSpoofer64.exe | Easy |
Resolute | nmap, ldapsearch, cme, rpcclient, windapsearch, evil-winrm, PSTranscripts, DNSAdmins, msfvenom, smbserver, dnscmd, sc.exe | Medium |
Return | nmap, exploiting-multifunction-printers, evil-winrm, Server Operators, sc.exe | Easy |
Sauna | nmap, ffuf, smbmap, ldapsearch, ldapdomaindump, kerbrute, ASREProasting, impacket-GetNPUsers, evil-winrm, winpeas, AutoLogon credentials, SharpHound, BloodHound, DCSync | Easy |
Support | nmap, smbclient, Mono, ilspycmd, wireshark, Reverse Engineering, chatgpt, netexec, ldapdomaindump, evil-winrm, SharpHound, BloodHound, RBCD (Resource-Based Constrained Delegation), Powerview.ps1, Powermad.ps1, Rubeus.exe, impacket-ticketConverter, export KRB5CCNAME, impacket-psexec | Easy |