HackTheBox Admirer writeup
This machine is currently active on hackthebox wait until it gets retired or if you have owned it then you need to get the Administrator NTLM hash or the root password hash from the file /etc/shadow file
This machine is currently active on hackthebox wait until it gets retired or if you have owned it then you need to get the Administrator NTLM hash or the root password hash from the file /etc/shadow file
Steps: Nmap Scan. Enumerating user names. Exploiting Kerberos Decryption of hash.txt. Login with Evil-winrm(user) Uploading Blood hound Adding User to group. Escalating the privilages. DCSync attack via secretsdump Login with wmiexec.py(root) Tools used Impacket(GetNPUsers.py,ntlmrelayx.py ,secretsdump.py) Evil-winrm Bloodhound. Commands used nmap -sC -sV -oV 10.10.10.161 enum4linux -a 10.10.10.161 GetNPUsers.py HTB.local/ -usersfile /root/Desktop/htb/forest/user.txt -format john -outputfile hashes.txt … Read more