https://originalflipster.com/tags/red-team/Recent content in Red Team on original.flipsterHugo -- gohugo.ioen© 2026Mon, 08 Sep 2025 00:00:00 +0000https://originalflipster.com/playbooks/kdbx-keepass-password-cracking/Mon, 08 Sep 2025 00:00:00 +0000https://originalflipster.com/playbooks/kdbx-keepass-password-cracking/Recently, I found myself stumbling upon a <code>.kdbx</code> (KeePass Database) file as part of a backup in a CTF and needed to crack the password to gain access to the secrets contained and consequently elevate my privileges. Problem was, that I couldn&rsquo;t get the hash in the right format for cracking it with <code>john</code>: <code>unsupported database file version (4)</code>. So, I built <code>keepass-rush</code> to do so myself.https://originalflipster.com/playbooks/dpapi-privilege-escalation/Mon, 01 Sep 2025 00:00:00 +0000https://originalflipster.com/playbooks/dpapi-privilege-escalation/<strong>DPAPI</strong> can be useful in situations when you got an initial foothold on a Windows host and are seeking to escalate your privileges. More specifically, we are talking a scenarios where your initial access user shares their home folder with a privileged account. This is a setup that is commonly found in Active Directory contexts, when a single person is operating with 2 distinct users, 1 for their everyday work and another one for dedicated administrative actions such as managing other users &amp; groups that required elevated privileges.