7minsec / lplite
A place to track issues/changes to LPLITE curriculum
Updated: While we're sniffing around Active Directory, let's also do some snooping within the environment's file share system to see if we can find anything interesting.
Where is the problem happening
Provide the Teachable curriculum URL that corresponds with the issue you're reporting.
https://7minsec.teachable.com/courses/2053747/lectures/46224733
Describe the problem
A trailing slash to icacls results in an error:
And the lab directions say to include them:
Remove the trailing slashes and all is good
Where is the problem happening
i.e. https://7minsec.teachable.com/courses/x/y/z
https://7minsec.teachable.com/courses/2053747/lectures/46224728
Describe the problem
A clear and concise description of what the bug is.
*i.e. "There's a typo on the third line" or "The second paragraph mentions a tool that's not there."
From my experience amsi.fail just kinda doesn't work anymore. Also the file "c:\users\public\pentest-tools\amsibypass.txt" doesn't seem to be helpful so maybe it can be removed. The GitHub link at the end of the page does work but people might need some hand-holding to get it working. Setting up http server etc.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Student should be able to bypass amsi without a lot of interactive hand holding.
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224724
Describe the problem
Incorrect Domain Admins group vs quiz:
Expected behavior
They should match.
Where is the problem happening
Inside PDF at https://7minsec.teachable.com/courses/2053747/lectures/46224753
Presumably more typos are in this thread
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224745
Describe the problem
Typo - "At a high level, here's what's happening:" then talking about Brian's Laptop, then 'her machine' and ' so sends her a "Nope!"'.
Typo - "OMg, pick me" should be OMG
Typo - Brian''s -> Brian's
Whoops. Pypykatz is missing in this exercise (https://7minsec.teachable.com/admin-app/courses/2053747/curriculum/lessons/46224760) so it needs to be part of the standard build.
Consider what to do with things that got cut from v1 such as unconstrained delegation. Make it extra credit? What about carving up LPLITE into 2 difficulty levels?
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224746
Before making final VM snapshot for course, make sure to change:
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224737
Describe the problem
When running the hashcat command to crack the kerberoast and asreproast hashes, the hash files won't be in the same dir as the hashcat .exe because it was extracted to its own sub folder. So copy-pasting the command from the instructions won't work. Instead of this
hashcat kerberoast.txt ..\wordlists\rockyou.txt
You need this
hashcat ..\kerberoast.txt ..\wordlists\rockyou.txt
Or you need to copy paste kerberoast.txt into the new hashcat directory
To Reproduce
At the very end of the training curriculum, add a thank you section to all the fine folks that made this possible!
Would love to....but will mark this as a v3 enhancement for the future.
And I need to update this ticket when I revisit ADCS vuln: AlmondOffSec/PassTheCert#13
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224760
You could use Mimikatz instead, though:
C:\Users\Public\pentest-tools>mimikatz\x64\mimikatz.exe "sekurlsa::minidump C:\Users\Public\pentest-tools\dump.dmp" "sekurlsa::logonpasswords" "exit"
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224730
Describe the problem
Then link to here ASREPRoasting doesn't work.
To Reproduce
Expected behavior
The link should send you to a valid website
Screenshots
If applicable, add screenshots to help explain your problem.
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224722
Describe the problem
Ran ipconfig /all as instructed. Noticed that alternate DNS servers 1.1.1.1 and 9.9.9.9 are being distributed by DHCP. This could lead to issues in the future. If the PC can't find the primary DNS server (domain controller) it could fail over to another DNS server. If this happens, Active Directory authentications and lookups will stop working on the client. On Windows, DNS doesn't always fail back to the primary DNS server when it recovers and stays with the most recent working DNS server.
To Reproduce
Expected behavior
Only have domain controllers specified as DNS servers
Screenshots
I think you get it lol.
Additional context
Add any other context about the problem here.
https://activedirectorypro.com/dns-best-practices/
I need to update the content/outline for the "sales" page here
When we talk about identifying hash types with the hashcat wiki and other resources, a student mentioned this was awesome as well:
https://github.com/blackploit/hash-identifier
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224726
Describe the problem
Probably start with Run PowerShell, then have the Browse to C:\Users\Public... step afterwards. No biggie though.
Updated 2 areas:
ASREPRoasting enumerates any users in the domain that do not require Kerberos preauthentication and captures the affected user’s hashes.
Other:
Much like the Kerberoasting attack we just looked at, ASREPRoasting allows us to say, “Hey, Active Directory, if any users you know about are set to do not require Kerberos preauthentication, let me have a bit of encrypted data about that user that I can bring offline and crack!”
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224728
Describe the problem
Line 15 says typing import-module powerup.ps1, which fails. It should be ./powerup.ps1 (like the image shows).
OK I'm going to be rude and skip the rest of the stuff, as that should be good enough for you to figure it out :)
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224742
I'll see how big a deal this is later, though the installer is present:
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224748
Describe the problem
The instructions say to navigate to C:\users\public\pentest-tools\AD\Bloodhound-win32-x64
But the correct path is C:\Users\Public\pentest-tools\BloodHound-win32-x64
Screenshots
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224763
Describe the problem
Should be Hashcat linked here (https://hashcat.net/hashcat/), not JtR.
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46806226
Describe the problem
For inexperienced users (such as myself), adding the directions to click Menu -> Add Files (such as the following) would help greatly:
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224733
Describe the problem
Instructions say click "Start > Run". There is nothing called Run in the start menu to click. Yes I know this is dumb feedback.
To Reproduce
Additional context
Could type in the search box instead. Or just open the start menu and start typing. Or right click the start menu and select run. Or a million other solutions.
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224758
Describe the problem
The path to cme is listed as C:\users\public\pentest-tools\multitool
but it's actually C:\users\public\pentest-tools
Screenshots
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224757
Describe the problem
The path to the wordlist in the hashcat command is incorrect. It says hashcat -m 1000 crackme.csv ..\rockyou.txt --username
It should say hashcat.exe -m 1000 crackme.csv ..\wordlists\rockyou.txt --username
Screenshots
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224749
Describe the problem
Instructions say hamburger icon is in upper right but it's in the upper left
Screenshots
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224759
Describe the problem
When trying to run the reg query command in the instructions the impacket reg tool runs instead. It has different syntax so the command fails
To Reproduce
reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential
Expected behavior
Either the syntax in the instructions should be for the Impacket reg command or the standard windows reg command should run
Screenshots
Updated: I agree to abide by the training scope and rules of engagement above and understand my training experience may be canceled, without refund, if these rules are violated.
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224760
Describe the problem
Instructions say "1. Open a command prompt". But we are in a powershell remoting session. No need for this step.
Screenshots
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224760
Describe the problem
The link to the "Deadliest Catch" show doesn't work.
Screenshots
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224760
Describe the problem
The instructions say that I should receive an error when powershell remoting to tt-it01 using my student credentials. I didn't receive an error and remoting is working.
Screenshots
Instructions
Actual
This tool looks promising....kind of like the "slinky" feature of CME:
Updated: ...Not sure if you’re missing something? As a quick recap, 24 hours before your start date (at the LATEST) you should have: ...
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224760
Describe the problem
When I ran mimikatz against the lsass dump I only got creds for the computer account. Not sure if there is supposed to be some automated account login that I should have captured. Or if you just manually do some login at this point for people to capture.
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224723
Describe the problem
instructions say "PT-DC01" actual server name is "tt-dc01"
Expected behavior
names should be the same
Screenshots
Additional context
Updated: I agree to abide by the training scope and rules of engagement above and understand my training experience may be canceled, without refund, if these rules are violated.
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46808970
Describe the problem
The network is described as 10.0.7.0/x but it should be 10.0.7.0/24. Maybe you meant 10.0.7.x/24
Screenshots
Updated: Let's learn a little about where we are, which might help us figure out where to go next:
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224757
Describe the problem
Lab step is simply as follows:
But crackme.csv is in the Mimikatz folder, hashcat.exe is in a different folder, and even the rockyou.txt file is in the Wordlists folder.
If this is intentional to challenge students a bit, it's fine. Otherwise I'd recommend making the steps more explicit.
Like the "relay DA creds for super secret backdoor account with Enterprise Admin rights!" trick.
Updated: ...Not sure if you’re missing something? As a quick recap, 24 hours before your start date (at the LATEST) you should have: ...
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224722
Describe the problem
Minor issue and you don't need to fix this. BUT as a system admin this one always bugs me 😊. When running nslookup commands against the domain the Server is shown as "unknown" because there is no reverse lookup zone for the 10.0.7.0/24 network and no PTR record for the DNS server.
To Reproduce
cmd.exe as instructed
nslookup -type=SRV _ldap._tcp.dc._msdcs.tangent.town as instructed
Expected behavior
The reverse DNS lookup should complete and the name of the server that responded to the query should be displayed.
Screenshots
Additional context
https://activedirectorypro.com/configure-dns-reverse-lookup-zones-ptr-records/
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224759
Describe the problem
Instructions reference PT-IT01 instead of TT-IT01
Screenshots
Updated: Let’s see if the TT-DC01 domain controller, which is also a DNS server, will allow us to do a zone transfer (essentially a request to dump out ALL DNS records the server knows about).
Where is the problem happening
https://7minsec.teachable.com/courses/2053747/lectures/46224760
Describe the problem
At this point students are Domain Admin via , so the Enter-PSSession command as written will actually work.
Expected behavior
As the lab step is written, this isn't supposed to work:
Recommendation
Write the lab step using one of the Domain User accounts (no privileges) found via Inveigh, like tangent\beverly.
The curriculum itself needs to be written, and I can't seem to get Inveigh relay to work even if I follow guides like this one or this one.
Our pal Jeff McJunkin recommends trying out PortBender.