Smb

Blackfield is a good Windows Activity directory box, first we need exploit AS-REP-roasting we can reset another user’s password over RPC. With access to another share, We will found a bunch of process …

We are going to pwn Active from Hack The Box. Link: https://www.hackthebox.eu/home/machines/profile/148 Let’s Begin with our Initial Nmap Scan. Nmap Scan Results: PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 3268/tcp …

We are going to pwn Bastion from Hack The Box. Link: https://www.hackthebox.eu/home/machines/profile/186 Let’s Begin with our Initial Nmap Scan. Nmap Scan Results: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH for_Windows_7.9 (protocol 2.0) | ssh-hostkey: | 2048 3a:56:ae:75:3c:78:0e:c8:56:4d:cb:1c:22:bf:45:8a (RSA) | 256 cc:2e:56:ab:19:97:d5:bb:03:fb:82:cd:63:da:68:01 (ECDSA) |_ 256 …

So anonymous is having log.txt in /backups which is readable.

Hack The Box - Blackfield

Hack The Box - Active

Hack The Box - Bastion

Vulnhub - Symfonos 2

Vulnhub - Symfonos 1