Enumeration Nmap From the Nmap scan, we can see that the target has various TCP ports open, including 53 (DNS), 80 (HTTP), 88 (Kerberos), 389 (LDAP), 445 (SMB), and 5985 (WinRM). It’s worth noting that the target is part of an Active Directory domain called intelligence.htb, and we can see a hostname for the domain… Continue reading Hack the Box: Intelligence
Tag: Windows
Hack the Box: Escape
Enumeration Nmap Based on the Nmap scan, it appears that the target has various TCP ports open, including 53 (DNS), 88 (Kerberos), 389 (LDAP), 445 (SMB), 1433 (MSSQL), and 5985 (WinRM). It’s worth noting that the target is a part of a domain called sequel.htb, and we can see a hostname for the domain controller… Continue reading Hack the Box: Escape
Hack the Box: Remote
Enumeration Nmap From the Nmap scan, we can see that the target has among other things TCP ports 21 (FTP), 80 (HTTP), 111 (RPC), and 445 (SMB) open. The target has a Windows operating system. From the Nmap’s script results, we can see that anonymous FTP login is allowed. FTP Successfully logged to the FTP… Continue reading Hack the Box: Remote
Hack the Box: Timelapse
Enumeration Nmap The Nmap scan shows among other things that TCP ports 53 (DNS), 88 (Kerberos), 445 (SMB), and 5986 (WinRM with SSL) are open on the target. Target is part of an Active Directory domain called timelapse.htb; the computer name is DC01. SMB With Smbclient we were able to list the available shares using… Continue reading Hack the Box: Timelapse
TryHackMe: Gatekeeper
Enumeration Nmap The Nmap scan shows that among other things ports 139 (NetBIOS), 445 (SMB), 3389 (RDP), and port 31337 (“Elite”) are open on the target. The target has a Windows 7 Professional 7601 Service Pack 1 operating system. SMB Utilizing smbclient with null login, we were able to list available shares. Successfully gained access… Continue reading TryHackMe: Gatekeeper
Hack the Box: Buff
Enumeration Nmap The Nmap scan shows that Apache server with PHP version 7.4.6 is running on port 8080 on the target. HTTP On navigating to port 8080, we can see a fitness website. From the page http://10.10.10.198:8080/contact.php we can see that the web application is using Gym Management Software 1.0. Exploitation Using SearchSploit we can… Continue reading Hack the Box: Buff