Machine: You are not allowed to view links. Register or Login to view.
IP: 10.10.11.45
Authentication Server Creds: P.Rosa / Rosaisbest12
As usual, I Tried common methods such as SMB/LDAP brute Forcing using NetExec (nxc), but got error because the server responded with "STATUS_NOT_SUPPORTED,". This indicates that NTLM was not supported. Then i tried to obtain the Kerberos ticket (.ccache) file using the following command and got the ticket.
root@kali /home/bob/Desktop/HTB/Vintage$ PYTHONWARNINGS='ignore' impacket-getTGT vintage.htb/P.Rosa:'Rosaisbest123' -dc-ip 10.10.11.45
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies
Saving ticket in P.Rosa.ccache
Open Thread
a tool used to discover endpoints (and potential parameters) for a given target. It can find them by:
crawling a target (pass a domain/URL)
crawling multiple targets (pass a file of domains/URLs)
searching files in a given directory (pass a directory name)
get them from a Burp project (pass location of a Burp XML file)
get them from an ZAP project (pass location of a ZAP ASCII message file)
get them from a Caido project (pass location of a Caido export CSV file)
processing a You are not allowed to view links. Register or Login to view. results directory (searching archived response files from waymore -mode R and also requesting URLs from waymore.txt and the original URLs from index.txt - see You are not allowed to view links. Register or Login to view.)
The python script is based on the link finding capabilities of my Burp extension You are not allowed to view links. Register or Login to view.. As a starting point, I took the amazing tool You are not allowed to view links. Register or Login to view. by Gerben Javado, and used the Regex for finding links, but with additional improvements to find even more.
When running phishing simulations, ensuring emails land in the inbox—not spam—is critical. Here are two must-have tools:
You are not allowed to view links. Register or Login to view. – Detects spam trigger words to optimize email content for better deliverability. You are not allowed to view links. Register or Login to view. – Provides a detailed spam score and analyzes your sending IP, mail server, and email configuration.
Use these tools to refine your phishing campaigns and maximize engagement!
![[Image: bypassing-amsi-and-av-parameters.png?w=1...=100&ssl=1]](https://i0.wp.com/practicalsecurityanalytics.com/wp-content/uploads/2025/02/bypassing-amsi-and-av-parameters.png?w=1354&quality=100&ssl=1)
![[Image: bypassing-amsi-and-av-detection-hirustot...=100&ssl=1]](https://i0.wp.com/practicalsecurityanalytics.com/wp-content/uploads/2025/02/bypassing-amsi-and-av-detection-hirustotal.png?resize=1536%2C644&quality=100&ssl=1)
![[Image: GlNcUnoXMAMGqQt?format=jpg&name=medium]](https://pbs.twimg.com/media/GlNcUnoXMAMGqQt?format=jpg&name=medium)
![[Image: DarkCorp.png?resize=1024%2C832&ssl=1]](https://i0.wp.com/thecybersecguru.com/wp-content/uploads/2025/02/DarkCorp.png?resize=1024%2C832&ssl=1)
![[Image: Titanic.png?resize=1024%2C832&ssl=1]](https://i0.wp.com/thecybersecguru.com/wp-content/uploads/2025/02/Titanic.png?resize=1024%2C832&ssl=1)
![[Image: screenshot.png?raw=true]](https://github.com/Invicti-Security/brainstorm/blob/main/screenshot.png?raw=true)
![[Image: example1a.png]](https://raw.githubusercontent.com/xnl-h4ck3r/xnLinkFinder/main/xnLinkFinder/images/example1a.png)
