xone 2 months ago

Vintage HTB Writeup | HacktheBox

In this walkthrough, we will explore the step-by-step process to solve the Vintage machine from HackTheBox. This machine simulates a real-life Active Directory (AD) pentest scenario, requiring us to leverage various tools and techniques to uncover vulnerabilities and gain access. With credentials provided, we'll initiate the attack and progress towards escalating privileges.

Machine Information

As is common in many real-world scenarios, we start with initial credentials for an account. These credentials are:

  • Username: P.Rosa
  • Password: Rosaisbest123

These credentials allow us to authenticate to the target machine and explore further.

Tools Needed

To solve this machine effectively, you'll need to install and set up the following tools:

  • Evil-WinRM

Used for remote command execution on Windows machines.

apt install -y evil-winrm

  • John the Ripper (John)

A password cracking tool to analyze and exploit password hashes.

apt install -y john

  • Pipx

A tool for managing Python-based applications.

pipx ensurepath

  • DNSChef

A DNS proxy to intercept and modify DNS requests.

git clone https://github.com/iphelix/dnschef

  • Impacket Suite

A collection of tools for working with SMB, LDAP, and other network protocols.

pipx install git+https://github.com/fortra/impacket

  • NetExec

A tool to execute commands remotely.

pipx install git+https://github.com/Pennyw0rth/NetExec

  • Pre2k

A tool for Pre-Windows 2000 compatibility enumeration.

pipx install git+https://github.com/garrettfoster13/pre2k

  • BloodyAD

Active Directory enumeration and exploitation tool.

pipx install git+https://github.com/CravateRouge/bloodyAD

  • Kerbrute

A Kerberos brute-forcing tool to enumerate user accounts and passwords.

Download and set executable permissions:

wget https://github.com/ropnop/kerbrute/releases/download/v1.0.3/kerbrute_linux_amd64
chmod +x kerbrute_linux_amd64

With the tools set up and credentials in hand, we are ready to begin our attack on the Vintage machine.


nmap -v -sCTV -p- -T4 -Pn -oN $IP.txt $IP


Not shown: 65515 filtered tcp ports (no-response)
PORT      STATE SERVICE       VERSION
53/tcp    open  domain        Simple DNS Plus
88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2024-12-04 10:20:40Z)
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: vintage.htb0., Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds?
464/tcp   open  kpasswd5?
593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped
3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: vintage.htb0., Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
9389/tcp  open  mc-nmf        .NET Message Framing
49664/tcp open  msrpc         Microsoft Windows RPC
49668/tcp open  msrpc         Microsoft Windows RPC
49670/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
59282/tcp open  msrpc         Microsoft Windows RPC
59287/tcp open  msrpc         Microsoft Windows RPC
59306/tcp open  msrpc         Microsoft Windows RPC
60688/tcp open  msrpc         Microsoft Windows RPC
Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows


Host script results:
| smb2-time: 
|   date: 2024-12-04T10:21:37
|_  start_date: N/A
|_clock-skew: -3m40s
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled and required
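
A way to read the scan output above, as an added example that is not part of the original writeup: it reduces the nmap text to the facts that identify the host as a domain controller and checks the reported clock skew and SMB signing state. The names `summarize`, `DC_PORTS` and `KERBEROS_MAX_SKEW` are hypothetical, and the 300-second limit assumes the default Active Directory Kerberos tolerance.

```python
import re

# Constructed sample: lines copied from the scan output shown in the writeup.
SAMPLE = """\
53/tcp    open  domain        Simple DNS Plus
88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2024-12-04 10:20:40Z)
389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: vintage.htb0., Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds?
464/tcp   open  kpasswd5?
3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: vintage.htb0., Site: Default-First-Site-Name)
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows
|_clock-skew: -3m40s
|_    Message signing enabled and required
"""

# DNS, Kerberos, LDAP, SMB, kpasswd and Global Catalog together indicate a domain controller.
DC_PORTS = {53, 88, 389, 445, 464, 3268}
KERBEROS_MAX_SKEW = 300  # seconds; AD default tolerance (assumed unchanged on the target)


def summarize(scan: str) -> dict:
    """Reduce nmap text output to the facts that matter for an AD host."""
    ports = {int(m.group(1)) for m in re.finditer(r"^(\d+)/tcp\s+open\b", scan, re.M)}
    # nmap prints the LDAP domain with a trailing "0." in this output; strip it.
    domain = re.search(r"Domain: ([\w.-]+?)0?\.,", scan)
    host = re.search(r"Service Info: Host: ([^;]+);", scan)
    skew = re.search(r"clock-skew: (-?)(?:(\d+)h)?(?:(\d+)m)?(\d+)s", scan)
    skew_s = None
    if skew:
        h, m, s = (int(x or 0) for x in skew.groups()[1:])
        skew_s = (h * 3600 + m * 60 + s) * (-1 if skew.group(1) else 1)
    return {
        "is_domain_controller": DC_PORTS <= ports,
        "winrm_exposed": 5985 in ports,
        "domain": domain.group(1) if domain else None,
        "host": host.group(1) if host else None,
        "clock_skew_s": skew_s,
        # Kerberos rejects requests outside the tolerance, so skew must be checked.
        "kerberos_time_ok": skew_s is not None and abs(skew_s) <= KERBEROS_MAX_SKEW,
        # Required signing means NTLM authentication relayed to SMB on this host fails.
        "smb_signing_required": "Message signing enabled and required" in scan,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
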


Let's add vintage.htb and dc01.vintage.htb to the /etc/hosts file:

echo "10.10.x.x vintage.htb dc01.vintage.htb" | sudo tee -a /etc/hosts

Access is restricted by HackTheBox rules

The solution to the problem can be published in the public domain after the machine's retirement.