Valid User (No Password)
Valid User (No Password) techniques and commands for Active Directory security assessment.
Trusts
Trusts techniques and commands for Active Directory security assessment.
SCCM
SCCM techniques and commands for Active Directory security assessment.
Persistence
Persistence techniques and commands for Active Directory security assessment.
Expressway - HTB
Linux target using IKE aggressive mode to crack PSK, SSH as ike, and sudo chroot vulnerability (CVE-2025-32463) for root.
Puppy - HTB
Puppy is a Medium Difficulty machine that features a non-default SMB share called DEV. With the provided credentials for user levi.james, enumeration of the domain is possible. The enumeration reveals that this user has GenericWrite privileges over the Developers group. After adding Levi to this group, we can access the previously inaccessible DEV share. This share contains the backup of a KeePass database, which we can download, extract a hash from and crack. The database reveals a plethora of username and password combinations. A password spray attack shows that one of the passwords is valid for user Ant.Edwards. Furthermore, this new user has GenericAll privileges over the user Adam.Silver, which allow us to change that user's password to one of our choice. After the password is changed, we must re-enable Adam's account, as it has been disabled; this then allows us to connect to the remote system over WinRM. Lateral movement is achieved by finding the backup of a website, which contains credentials for user Steph.cooper. Finally, privileges are escalated through DPAPI credentials that are decrypted using Steph's password. The credentials revealed belong to Steph.cooper_adm, presumably Steph's administrative account, and a connection can be made over WinRM.
Pterodactyl - HTB
Medium Linux box exploiting a Pterodactyl Panel locale RCE, then escalating via polkit/udisks chained CVEs on openSUSE.
Mirage - HTB
Mirage is a hard Windows AD machine involving NFS report leaks, DNS hijack to capture NATS credentials, Kerberoasting, gMSA abuse, and ESC10 certificate misuse to reach DCSync.