Road to OSCP: HTB Series: Active Writeup

Active (Easy) Machine on Hack-the-Box
Yeap, just rooted this box and I wanna write about it.

Recon

Full Nmap Scan Results from AutoRecon

Information Gathering

SMBMap results from AutoRecon Usage
SMBMap listing contents of shares
Starting manual enumeration of Replication Share
File Contents of the files found in the Replication Share
Decrypting and getting the cleartext password for SVC_TGS user
Further Enumeration with new Creds
We see user.txt but we cannot touch it :(

Privilege Escalation

Using GetUserSPNs.py
Outputting result as a text file
cat JtR | sed 's/\$krb5tgs\$\(.*\):\(.*\)/\$krb5tgs\$23\$\*\1\*\$\2/'
Cracking the Hash with John The Ripper
Yes, there is a writeable and readable share!!!
Gained Root shell on Machine
Grabbed the flag for Root! Machine Owned!

Learning Points


OSCP | CTF Player | Penultimate Information System Student in SMU | Major in Cybersecurity

Louis Low
