Anubis
Anubis
Anubis 371
Anubis
RETIRED MACHINE

Anubis

Anubis - Windows Windows
Anubis - Insane Insane

4.5

MACHINE RATING

780

USER OWNS

703

SYSTEM OWNS

14/08/2021

RELEASED
Created by 4ndr34z

Machine Synopsis

Anubis is an insane difficulty Windows machine that showcases how a writable certificate template in the Windows Public Key Infrastructure can lead to the escalation of privileges to Domain Administrator in an Active Directory environment. An interactive shell on a Windows container can be obtained by exploiting a simple ASP code injection vulnerability in a public-facing web application. Pivoting from the initial shell, further access is gained to an internal web application that can be tricked into sending requests to an attacker-controlled Responder server, allowing to steal valid domain credentials that can be used to access an internal SMB share where malicious Jamovi files can be uploaded, resulting in a shell on the Windows host. After adding the smart card logon extended usage attribute to an available certificate template and requesting a new client certificate, PKINIT can be configured on an attacking Linux machine to request a Kerberos ticket and login to the system as Administrator.

Machine Matrix

Ready to start your
hacking journey?