University CTF Write-Up

In this write-up, I detail the exploitation steps for the "University" machine in Hack The Box. Starting with initial enumeration using nmap and exiftool, I then identify a critical vulnerability CVE-2023-33733 which leads to remote code execution. The post further covers the use of BloodHound for mapping attack paths, leveraging evil-winrm for enumeration, and eventually gaining a reverse shell. From there, I perform privilege escalation, access critical systems, and capture the administrator flag. BloodHound was crucial in mapping attack vectors and finding escalation paths in Active Directory.

CVE generator

Using python i was able to develop scripts that take an input 3csv files :the cisa file,the filetomerge and the desiredfile and with some operations i was capable to create a set of transformations .

KeyLogger

Using pyqt i was able to develop a fully functional keylogger which tracks victim inputs in real time and sends it to hacker server

Analysis of suspicious activities using SIEM

We configured SIEM to forward logs between active directory machine and server and we tried simulating scenarios of attacks like kerberos attacks using Rubeus process injection using metasploit

User entity and Behavior Analytics

For my end of studies project i had successfuly developped a user entity and behavior analytics that analyses user activities on activedirectory domain and using duality of detection rules and clustered algorithms we successfuly detect abnormal activities done by user and we simulated malicious activities using powerup for privilege escalation checks and evil-winrm for remote access and we performed penetrating testing on the application using sqlmap and we checked for possible XSS attacks using BurpSuite