SCF File Attacks, SMB Exploit via NTLM Capture
CVE-2021-1675 printnightmare
Previse
Previse: gobuster find directories, with burpsuite bypass redirect,
Traverxec
Traverxec:
nostromo 1.9.6 – Remote Code Execution
Heist
Heist
Active
Active:
Bastion
Bastion
Forest
Forest:
Vaccine
SQL injection vulnerabilities
Pathfinder
Windows box. Open port 88 is typically associated with Kerberos and port 389 with LDAP, which indicates that this is a Domain Controller. We note that WinRM is enabled on port 5985. Python bloodhound injester used.