Welcome, Guest
You have to register before you can post on our site.

Email:
  

Password
  





Search Forums

(Advanced Search)

Forum Statistics
» Members: 240
» Latest member: Violex
» Forum threads: 81
» Forum posts: 196

Full Statistics

Latest Threads
cant connect to lab, says...
Forum: Noob Discussions
Last Post: admin
24-08-2017, 08:33 AM
» Replies: 1
» Views: 637
Can't connect to the lab
Forum: Noob Discussions
Last Post: mediaset
12-07-2017, 06:15 AM
» Replies: 6
» Views: 1,433
Can someone help me acces...
Forum: Noob Discussions
Last Post: admin
11-07-2017, 09:26 PM
» Replies: 1
» Views: 465
Hacking Lab
Forum: Where to start for Beginners
Last Post: admin
09-07-2017, 11:14 AM
» Replies: 0
» Views: 657
New
Forum: Noob Discussions
Last Post: admin
09-07-2017, 11:09 AM
» Replies: 1
» Views: 526
telnet mapscii.me
Forum: General Discussions
Last Post: c0axial
18-06-2017, 12:57 PM
» Replies: 0
» Views: 444
GoFetch and Bloodhoud - A...
Forum: Hacking and technology news
Last Post: c0axial
13-06-2017, 07:22 PM
» Replies: 0
» Views: 752
Threatcrowd.org
Forum: Where to start for Beginners
Last Post: c0axial
13-06-2017, 07:21 PM
» Replies: 0
» Views: 516
TAMAGOTCHA
Forum: General Discussions
Last Post: c0axial
22-05-2017, 01:57 PM
» Replies: 0
» Views: 455
books help me to understa...
Forum: Noob Discussions
Last Post: c0axial
03-04-2017, 07:32 PM
» Replies: 4
» Views: 1,299

 
  cant connect to lab, says pass auth error
Posted by: Pankhuri - 23-08-2017, 07:58 PM - Forum: Noob Discussions - Replies (1)

Hi Admin,

Please help, i am unable to connect to lab. Repeatedly getting password auth error.

Thanks

Print this item

  Can someone help me access the lab?
Posted by: mediaset - 10-07-2017, 07:23 AM - Forum: Noob Discussions - Replies (1)

Hi everyone, can someone that accessed the lab at least once help me understand how to do it?

Thanks

Print this item

  Hacking Lab
Posted by: admin - 09-07-2017, 11:14 AM - Forum: Where to start for Beginners - No Replies

Hello all,

I present to you my latest installment of hacking training!

A pentest training lab!

You can access the lab here: http://pentest.training

Simply register to access the VPN, from there, you will get unrestricted access to the pentest environment to practice hacking a fully functioning windows domain and server as well as vulnerable linux hosts. There are also custom web app training VMs in there for you to work your way through.

Please submit any bug reports or recommendations to me and ill get them sorted!

The pentest lab targets are: 10.0.10.0/24

have fun!

Print this item

  Can't connect to the lab
Posted by: mediaset - 09-07-2017, 10:01 AM - Forum: Noob Discussions - Replies (6)

Hi everyone,

I just registered and this is my first post.

First of all thanks for offering this forum and the lab.

I've a complain (I know, not the best way to start) and an help request.

First the complain: I find very strange that for a website that should promote security knowledge and awareness the registration to the vpn is done using HTTP... how can you account for what a user does in the lab if you can't be sure their account wasn't compromised?

Speaking of vpn I've created an account but when I connect using openvpn at the end I receive an AUTH_FAILED

Could you help me troubleshoot this?

Thanks

Print this item

  New
Posted by: abyf - 07-07-2017, 01:06 PM - Forum: Noob Discussions - Replies (1)

Hi all,
I am new here Do you mind telling me how to kick off? What if I want to take labs? how do I proceed thanks

Print this item

  telnet mapscii.me
Posted by: c0axial - 18-06-2017, 12:57 PM - Forum: General Discussions - No Replies

telnet mapscii.me

https://asciinema.org/a/117813?autoplay=1

Print this item

  GoFetch and Bloodhoud - Active Directory and credentials attacks
Posted by: c0axial - 13-06-2017, 07:22 PM - Forum: Hacking and technology news - No Replies

GoFetch and Bloodhoud - Active Directory and credentials attacks
Use Bloodhound to get a picture of the AD network and then use GoFetch to try and get the credentials using mimikatz.

About BloodHound

To get started with BloodHound, check out the BloodHound Github Wiki.

BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor.

BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.
https://github.com/BloodHoundAD/BloodHound


https://github.com/GoFetchAD/GoFetch

GoFetch

GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.

GoFetch first loads a path of local admin users and computers generated by BloodHound and converts it to its own attack plan format. Once the attack plan is ready, GoFetch advances towards the destination according to plan step by step, by successively applying remote code execution techniques and compromising credentials with Mimikatz.

Watch Invoke-GoFetch in action

GoFetch has two different versions:

Chain reaction:

Invoke-GoFetch (written in PowerShell to avoid Python installation prereq), implements a recursion that reads the full path, dumps the relevant credentials with Invoke-Mimikatz, and then copy and execute itself using Invoke-PsExec on the next relevant machine guided by the network path.

One computer to rule them all:

Python based code (a video of this version demonstrated at BlackHat Europe 2016), using a technique where one centralized computer is doing the job of connecting to each computer in the path, in the right order, to steal credentials (using Mimikatz), and use them to connect to the next machine in the path.

Getting started with Invoke-GoFetch

Place GoFetch folder on the first machine of the attack path, in a session of the first user.

Parameters

-PathToGraph - Path to the BloodHound exported Graph which includes a path between two users.

-PathToPayload (optional) -
Path to local payload file .exe/.bat/.ps1 to run on next nodes in the path.

Examples

Usage to get the credentials along the path:
.\Invoke-GoFetch.ps1 -PathToGraph .\pathFromBloodHound.json
Usage to get the credentails along the path and execute additional payload on each:
.\Invoke-GoFetch.ps1 -PathToGraph .\graphExample.json -PathToPayload .\payload.exe
Prerequisites

Invoke-GoFetch is able to run from any version of Windows through Windows 7 that has PowerShell v2 or higher installed and .Net 3.5 or higher.
Invoke-Mimikatz - is included with a change in the Mimikatz DLL which allows the execution of the PowerShell file with additional arguments.
Invoke-Psexec - is included without changes.

Print this item

  Threatcrowd.org
Posted by: c0axial - 13-06-2017, 07:21 PM - Forum: Where to start for Beginners - No Replies

Threatcrowd.org

A search engine for threats

http://threatcrowd.org/

Print this item

  TAMAGOTCHA
Posted by: c0axial - 22-05-2017, 01:57 PM - Forum: General Discussions - No Replies

[Image: nhW5cdz.jpg]

Print this item

  How to bypass the network monitoring?
Posted by: fanooos - 27-03-2017, 11:56 PM - Forum: Noob Discussions - Replies (2)

Hi guys,

I have a situation and I have no idea how to deal with it.
In my company, the system administrator is monitoring the network using one of the fortinet devices, This way, the admin is capable of monitoring website I open from my machine.

Is there a way to hide my browsing from this monitoring?

Is there something like passing all the traffic from my machine via ssh to be encrypted and not readable? I have no idea actually is this applicable or not.

Print this item