GOAD_Provisioning_ActiveDirectory

Today we will talk about GOAD, from its creators:

GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques.

This lab is extremely vulnerable, do not reuse recipe to build your environment and do not deploy this environment on internet without isolation (this is a recommendation, use it as your own risk). This repository was build for pentest practice.

Continue reading

Using Burp with Containers In Docker

Making Docker Containers Trust Burp Suite’s CA for Testing

When testing applications running inside Docker containers, intercepting traffic with Burp Suite can be challenging because containers don’t automatically trust Burp’s CA certificate. Without trust, HTTPS requests from inside the container will fail with certificate errors.

In this post, I’ll show you how to:

1. Add Burp Suite’s CA to your host system
2. Pass the trusted CA to Docker containers
3. Ensure seamless HTTPS traffic interception for testing

Let’s get started!

Anonymous AI Chat with different models

If you ever wished that you did not have to login or could use AI chat with anonymity, then you are in luck and right place, read on.

Head over to DuckDuckGo search. Click on the Hamburger menu in the right hand top side. In the drop down, select AI Chat, you will see it somewhere in middle of the menu.

Now, you can click “Get Started” (after reading the information on the page).

Using AI to Visualize File Contents: A Sandbox Adventure

Cyborg Room Walkthrough

Room Overview

Room URL: Cyborg

Room IP: 10.10.79.217 - This will be different for you.

Recon

We begin our reconnaissance phase by scanning the target using Nmap. This helps us identify the open ports and services running on the machine.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

Starting Nmap 7.60 ( https://nmap.org ) at 2024-10-28 16:28 GMT
Nmap scan report for ip-10-10-79-217.eu-west-1.compute.internal (10.10.79.217)
Host is up (0.018s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 db:b2:70:f3:07:ac:32:00:3f:81:b8:d0:3a:89:f3:65 (RSA)
|   256 68:e6:85:2f:69:65:5b:e7:c6:31:2c:8e:41:67:d7:ba (ECDSA)
|_  256 56:2c:79:92:ca:23:c3:91:49:35:fa:dd:69:7c:ca:ab (EdDSA)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
MAC Address: 02:1F:A9:A5:69:89 (Unknown)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Nmap done: 1 IP address (1 host up) scanned in 8.96 seconds

Web Enumeration

Next, we perform directory enumeration using Gobuster to find hidden directories on the web server.

Exploring MSC Files in Windows

Understanding MSC Files and Their Uses

In Windows, MSC files are shortcuts that open specific Microsoft Management Consoles (MMC)—a centralized interface that allows administrators and advanced users to manage various system settings, resources, and services. Each MSC file provides quick access to a particular management tool, such as device management, security policies, or performance monitoring, without the need to navigate through the Control Panel or other menus.

Using MSC files has several advantages:

Understanding Login Types in Windows

Introduction

Windows operating systems offer various login types that define how users authenticate themselves and gain access to the system. Understanding these login types is crucial for both users and system administrators, as they impact security, access levels, and overall user experience in a Windows environment. In this blog post, we’ll explore the different types of logins in Windows, how to check which login type you are using, and how these types influence your permissions and capabilities within the operating system.