Tag: CTF
All the articles with the tag "CTF".
All Posts
PG • CTF • Access • Write-Up
Published: at 12:36 PMProving Grounds CTF - Access. File upload vulnerability, Kerberoasting, and SeManageVolumePrivilege abuse.
PG • CTF • Heist • Write-Up
Published: at 12:36 PMProving Grounds Heist write-up: turn a URL feature into SSRF, capture an NTLMv2 hash with Responder, abuse a gMSA password reader and finish with SeRestorePrivilege.
PG • CTF • Hutch • Write-Up
Published: at 12:36 PMProving Grounds Hutch write-up: from LDAP user discovery to abusing WebDAV uploads for ASPX RCE, and finally using LAPS to read back the local Administrator password.
PG • CTF • Vault • Write-Up
Published: at 12:36 PMProving Grounds Vault write-up: drop a malicious URL/SCF file into a writable SMB share, capture a domain user hash, get a WinRM shell and abuse SeRestorePrivilege with Utilman.