Executive SummaryThis document presents a detailed penetration testing case study based on a simulated enterprise environment. The engagement demonstrates a complete attack chain from initial reconnaissance through external-facing services to full domain compromise. The scenario illustrates common security weaknesses found in real-world environments and provides educational insights into both offensive techniques and defensive considerations.Learning Objectives:Understanding web application vulnerability identificationLearning remote code ex...
Posts tagged domain controller compromise
Chunqiu Yunjing Initial CTF Writeup: ThinkPHP RCE to Domain Compromise
This comprehensive writeup documents the complete penetration testing process for the Chunqiu Yunjing Initial CTF challenge, covering the entire attack chain from initial reconnaissance through domain controller compromise.Target Environment InformationThe challenge provides a simulated professional scenario with the following target IP: 39.99.151.82. It's worth noting that the target IP may vary depending on when the challenge environment is instantiated, though the internal network addressing remains consistent across deployments.Phase 1: ...
Complete Penetration Testing Walkthrough: HackTheBox Season 10 Garfield Machine - From Initial Access to Domain Admin
Executive SummaryThis comprehensive walkthrough details the complete penetration testing process for the Garfield machine from HackTheBox Season 10. The target system is a Windows Server 2019 Active Directory domain controller (DC01.garfield.htb) with multiple security controls in place. Through systematic reconnaissance, credential harvesting, and advanced Active Directory exploitation techniques, we successfully achieved full domain compromise.The engagement demonstrates critical attack vectors including SMB share enumeration, DNS record m...