Shell as svc-alfrescoĪfter a lot of trial-and-error, I came across this cheatsheet. Users: sebastien, lucinda, svc-alfresco, andy, mark, santi. administrator, guest, krbtgt, domain admins, root, bin, none I also ran enum4linux and managed to get a list of the users on the box: enum4linux forest.htb Nmap done: 1 IP address (1 host up ) scanned in 161.13 this was a Windows AD server, there were a lot of open ports. Service Info: Host: FOREST OS: Windows CPE: cpe:/o:microsoft:windows ![]() If you know the service/version, please submit the following fingerprint at : Nmap scan report for forest.htb (10.10.10.161 )Ĩ8/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 13:18:31Z )ġ39/tcp open netbios-ssn Microsoft Windows netbios-ssnģ89/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: htb.local, Site: Default-First-Site-Name )Ĥ45/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds (workgroup: HTB )ĥ93/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0ģ268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: htb.local, Site: Default-First-Site-Name )ġ service unrecognized despite returning data. Without further ado, let’s jump right in! Scanning & User EnumerationĪ light nmap scan was enough to get me started: nmap -sV forest.htb -oN scan.txt ![]() Its IP address is ‘10.10.10.161’ and I added it to ‘/etc/hosts’ as ‘forest.htb’. Being my first AD box, I spent more than 20 hours on the root part, but I learned a lot of new things.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |