The MyCloud NAS device can be configured to automatically redirect to HTTPS when browsing it’s web interface. The URL it is redirecting to is of the form https://device-local-<GUID>.remotewd.com:8543/. I was wondering if I can use my own certificate, and it actually worked out after digging a bit into the inner workings. First of all, I checked which tool is listening on port 8543. The name is nasAdmin: root@WDMyCloudEX2100 ~ # netstat -tulpen | grep 8543 tcp6 0 0 :::8543 :::* LISTEN 0 16738 4455/nasAdmin It’s started with a configuration located at /etc/nasAdmin. Read more

Active from HackTheBox is an easy Windows box, in which we first find AD credentials in Group Policy Preferences and subsequently do a kerberoasting attack to get domain administrator. Port Scanning The open TCP ports indicate that we’re dealing with an AD domain controller running Windows Server 2008 R2: PORT STATE SERVICE VERSION 53/tcp open domain Microsoft DNS 6.1.7601 (1DB15D39) (Windows Server 2008 R2 SP1) | dns-nsid: |_ bind.version: Microsoft DNS 6. Read more

Recently, I couldn’t access a machine within another VLAN anymore, because Docker on that machine used a subnet within the 192.168.x.x range for an internal network, that led to packets not finding the way back to me. Docker apparently uses the following ranges by default: 172.[17-31].0.0/16 192.168.[0-240].0/20 The routes on the machine were as follows. Unifi provides my machines with a default gateway, e.g. 192.168.20.1 and the route for the local subnet 192. Read more

The scenario is described as follows: In this lab environment, the user will access a Kali GUI instance. A vulnerable application can be accessed using the tools installed on Kali at http://demo.ine.local Objective: Exploit both the target and find all flags! Dictionaries to use: /usr/share/metasploit-framework/data/wordlists/common_users.txt /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt Read more

The scenario is described as follows: In this lab environment, the user will access a Kali GUI instance. A vulnerable application can be accessed using the tools installed on Kali at http://demo.ine.local Objective: Exploit both the target and find all flags! Read more