Kernel_hacking

Bpfs

Tuxedos

Malware101

Windows-Tokens
Intro
In Windows, things like access permissions are handled with tokens. Think of them as API tokens: they carry certain privileges that let you do things like impersonate other users or enable debugging on Windows. What this post looks at is how you can use Windows tokens to get lower permissions than the Administrator user.
Stealing Tokens Via Windows Processes
Getting right to the point: in Windows, processes also have access tokens, and for certain processes, such as winlogon, you can duplicate the token and use it to run commands as another user. This is done by first opening the process to get its token, like so:
Win-Registry-Secrets
Intro
The Windows registry is a system database that contains keys and values. Some of the things stored in the registry include Windows credentials, cached passwords, usernames, and other credentials. In Windows a group of keys is called a “hive”; the interesting hives are SAM, System, and Security.
SYSTEM Hive
The most important registry hive is the “System” hive. In the key CurrentControlSet\Control\Lsa are the components needed to craft the boot key, which is used to decrypt the rest of the registry database to get things like user hashes. Here’s some example code from “Go-Go-Gadget-Katz” for getting the boot key:
Mothership_c2
Description:
Mothership C2 is my command and control server for managing and interacting with shell connections.
Features:
Some features of Mothership include:
- Encryption for sending commands and their outputs
- Shells managed and interacted with over HTTP
What is a C2?
A C2 server is a Command and Control server; it helps with controlling and commanding shell connections. C2 servers are used by APTs (advanced persistent threats) and by red teams.
Delta2
Background
Delta2 is an API that is a Swiss army knife for Active Directory. I wrote this project because I was sick of having to set up Java and remembering how to use bloodhound python for doing Active Directory boxes on HackTheBox, so I wrote my own. Delta2’s primary use is automation, like automating kerberoasting after mapping the domain, or getting the shortest paths to admin users and exploiting the necessary users to get to admin users.
Hello
Hello World!!
About Me
Hello World! I am Ceald, a cybersecurity student. I like heavy music and build cool tools/projects sometimes. I know Python and a bit of Golang.