Win-Enum: Windows & Active Directory Auto-Enumerator

Introduction

Win-Enum is an automated enumeration tool I built to speed up the initial reconnaissance phase when targeting Windows machines and Active Directory environments. It runs common enumeration tools in sequence and organizes the output for easy review.

Language: Python 3
Target: Windows / Active Directory
Purpose: OSCP preparation, penetration testing
GitHub: github.com/jashidsany/win-enum

Why I Built This

During OSCP preparation, I found myself running the same enumeration commands repeatedly:

- Nmap scan
- SMB null session check
- User enumeration
- AS-REP roasting attempt
- Web directory brute forcing

This tool automates all of that and saves output in an organized structure. ...

February 22, 2026 · 3 min

HackTheBox: Devel - FTP Upload to IIS & Kernel Exploit Privesc

Introduction

Devel is a Windows machine on HackTheBox that demonstrates a classic attack chain: anonymous FTP access to a web server’s root directory, allowing us to upload a malicious web shell. We then exploit an unpatched Windows 7 system using a kernel vulnerability to gain SYSTEM privileges.

Difficulty: Easy
OS: Windows
Skills: FTP enumeration, web shell upload, Windows kernel exploitation

Reconnaissance

Nmap Scan

    nmap -sC -sV -oN nmap/devel 10.129.2.19

Port  Service  Version
21    FTP      Microsoft ftpd
80    HTTP     Microsoft IIS 7.5

Key finding from Nmap: ...

February 21, 2026 · 4 min

HackTheBox: Forest - AS-REP Roasting & DCSync Attack

Introduction

Forest is a Windows Active Directory Domain Controller on HackTheBox. This box demonstrates common AD misconfigurations and attack paths including AS-REP Roasting, privileged group abuse, and DCSync attacks.

Difficulty: Easy
OS: Windows
Skills: AD Enumeration, AS-REP Roasting, Privilege Escalation, DCSync

Reconnaissance

Nmap Scan

    nmap -sC -sV -Pn 10.129.1.248

Key findings:

Port      Service   Significance
53        DNS       Domain Controller
88        Kerberos  AD Authentication
135       RPC       Windows RPC
389/3268  LDAP      AD Directory
445       SMB       File sharing
5985      WinRM     Remote management

Domain: htb.local
Computer: FOREST.htb.local ...

February 21, 2026 · 3 min

HackTheBox: Optimum - HFS RCE & Kernel Exploit Privesc

Introduction

Optimum is a Windows machine on HackTheBox that features a vulnerable HttpFileServer application and privilege escalation through kernel exploitation. This box teaches the importance of checking software versions and using enumeration tools to find the right kernel exploit.

Difficulty: Easy
OS: Windows
Skills: Version-based exploitation, kernel exploit enumeration, Windows privilege escalation

Reconnaissance

Nmap Scan

    nmap -sC -sV -oN nmap/optimum 10.129.2.30

Port  Service  Version
80    HTTP     HttpFileServer 2.3

Only one port is open, running HFS 2.3 (HttpFileServer). When we see specific software with version numbers, we immediately check for known exploits. ...

February 21, 2026 · 4 min

HackTheBox: Blue - EternalBlue (MS17-010) Exploitation

Introduction

Blue is a Windows machine on HackTheBox that’s vulnerable to EternalBlue (MS17-010), the same exploit used in the devastating WannaCry ransomware attack in 2017. This box is a great introduction to exploiting SMB vulnerabilities and understanding why patching is critical.

Difficulty: Easy
OS: Windows
Skills: SMB enumeration, EternalBlue exploitation

Reconnaissance

Nmap Scan

Started with a standard nmap scan to identify open ports and services:

    nmap -sC -sV -Pn 10.129.4.126

Key findings: ...

February 20, 2026 · 3 min

Building a PE Parser in C

Introduction

A PE (Portable Executable) file is the format Windows uses for executables (.exe), DLLs (.dll), and other binary files. If you want to understand how Windows works under the hood, whether for malware analysis, reverse engineering, or offensive security, understanding PE structure is essential. In this post, I’ll walk through building a PE parser from scratch in C, explaining each component along the way.

What is a PE File?

Every time you run a program on Windows, the OS loader reads the PE file and maps it into memory. The PE format tells Windows: ...

February 18, 2026 · 6 min