Myles Nieman
← All writeups

SMB

4 writeups

Certifried

Very Easy

Anonymous SMB enumeration on an Active Directory host reveals a readable share; null-session LDAP queries are not open, but unauthenticated SMB access …

Windows

Playground

Hard

A Windows domain controller with restricted anonymous access is probed with SMB null sessions, kerbrute, and extensive RPC endpoint mapping; the notes …

Windows

Search

Hard

A password embedded in a webpage image seeds a chain through SMB Kerberoasting, password spraying, and an Excel spreadsheet full of plaintext …

Windows

Caring

Very Easy

An unauthenticated SMB Config share leaks a config.ini containing credentials for the user claudio; WinPEAS then surfaces Administrator credentials …

Windows