Forum Widgets
Recent Discussions
Hafnium: ProxyLogon (Offensive) - Question 3
For the FQDN, I am wondering about where I am going wrong as I am basically using the command expected of this lab. However, there wasn't any shell code provided nor any expecations of what the shell powershell script should contain. I am wondering if you could provide directions into where I should be digging deeper into, to be able to obtain the FQDN
Kerberos: Active Directory Certificate Services lab - getting KRB-ERROR (16): KDC_ERR_PADATA_TYPE_NOSUPP
Lab: Kerberos: Active Directory Certificate Services - Labs - Immersive I am not able to get tgt ticket using this command .\Rubeus.exe asktgt /certificate:cert.pfx /user:Administrator /ptt It throws error: KRB-ERROR (16) : KDC_ERR_PADATA_TYPE_NOSUPP I have tried all the steps in same order: 1. .\Certify.exe find /vulnerable 2. .\Certify.exe request /ca:DC01.krbtown.local\krbtown-DC01-CA /template:VulnTemplate /altname:Administrator 3. generate cert.pfx and running rubeus. Searched for this error and it says - "In order to login using a certificate through a valid Kerberos TGT, Public Key Cryptography for Initial Authentication (PKINIT) must be supported in AD." Can someone plz help me to solve the lab.
Apache Header Tampering
Can someone point me to the right track? On this one, I found the hidden directory, used an X-Forwarded-For: to see into that directory where scanning for files showed a lot of 404s, with just a few 403 response codes. I've tried everything I can think of with variations on X-Original-URL:, X-Rewrite-URL:, and X-Forwarded-Uri:, but none of them get me able to see into any of the files/directories. I've even tried a few variations instead of X-Forwarded-For:, such as X-Client-IP: and a few others. I feel like I must be missing something. I didn't find any actual .php files in the hidden directory but the question seems to indicate that there are some in there. I found what I think are other directories within that first hidden directory.
If your question has been answered, help others by clicking:
