Certifried
Very EasyAnonymous SMB enumeration on an Active Directory host reveals a readable share; null-session LDAP queries are not open, but unauthenticated SMB access …
Playground
HardA Windows domain controller with restricted anonymous access is probed with SMB null sessions, kerbrute, and extensive RPC endpoint mapping; the notes …
Search
HardA password embedded in a webpage image seeds a chain through SMB Kerberoasting, password spraying, and an Excel spreadsheet full of plaintext …
Caring
Very EasyAn unauthenticated SMB Config share leaks a config.ini containing credentials for the user claudio; WinPEAS then surfaces Administrator credentials …