|
Analysis - HTB
by paven - Saturday January 20, 2024 at 01:22 PM
|
(Jan 20, 2024, 09:33 PM)ajasjas Wrote: It's a DC, it has a DNS server.... you brute force subdomains via DNS using the host as the resolver. If it exists it will resolve it, if not it will return NX or such. gobuster does this, every other tool for DNS bruteforcing does it too. I have one question. What if the target is not a DNS server, what custom DNS resolver we give in that case with Gobuster. Gateway IP ?
Jan 20, 2024, 10:00 PM
(Jan 20, 2024, 09:51 PM)Shalabi Wrote:this was the command I used is there sth wrong about it??(Jan 20, 2024, 09:47 PM)youssefm55 Wrote:(Jan 20, 2024, 09:33 PM)ajasjas Wrote: It's a DC, it has a DNS server.... you brute force subdomains via DNS using the host as the resolver. If it exists it will resolve it, if not it will return NX or such. gobuster does this, every other tool for DNS bruteforcing does it too. gobuster dns -d analysis.htb -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-20000.txt (Jan 20, 2024, 10:00 PM)youssefm55 Wrote:(Jan 20, 2024, 09:51 PM)Shalabi Wrote:this was the command I used is there sth wrong about it??(Jan 20, 2024, 09:47 PM)youssefm55 Wrote:(Jan 20, 2024, 09:33 PM)ajasjas Wrote: It's a DC, it has a DNS server.... you brute force subdomains via DNS using the host as the resolver. If it exists it will resolve it, if not it will return NX or such. gobuster does this, every other tool for DNS bruteforcing does it too. include -r DNSIP: PORT
Jan 20, 2024, 10:04 PM
(Jan 20, 2024, 10:02 PM)raiderado Wrote:(Jan 20, 2024, 10:00 PM)youssefm55 Wrote:(Jan 20, 2024, 09:51 PM)Shalabi Wrote:this was the command I used is there sth wrong about it??(Jan 20, 2024, 09:47 PM)youssefm55 Wrote:(Jan 20, 2024, 09:33 PM)ajasjas Wrote: It's a DC, it has a DNS server.... you brute force subdomains via DNS using the host as the resolver. If it exists it will resolve it, if not it will return NX or such. gobuster does this, every other tool for DNS bruteforcing does it too. ok great thanks bro
Jan 20, 2024, 10:20 PM
Found: www.analysis.htb
Found: internal.analysis.htb Found: domaindnszones.analysis.htb Found: forestdnszones.analysis.htb
Jan 20, 2024, 10:27 PM
(Jan 20, 2024, 10:20 PM)Art10n Wrote: Found: www.analysis.htbalso there is gc._msdcs.analysis.htb
Jan 20, 2024, 10:31 PM
list.php?name= is an injectable ldap query.
So far all I can do is get a few usernames, and enumerate a bunch of uninstersting ldap attributes. Guessing login form is also an ldap injection.
Jan 20, 2024, 10:49 PM
Jan 20, 2024, 10:54 PM
[+] VALID USERNAME: jdoe@analysis.htb
[+] VALID USERNAME: ajohnson@analysis.htb [+] VALID USERNAME: cwilliams@analysis.htb [+] VALID USERNAME: wsmith@analysis.htb [+] VALID USERNAME: jangel@analysis.htb [+] VALID USERNAME: technician@analysis.htb
Also anonymos login is eanbled in port 135 rpc.... use rpcclient
(Jan 20, 2024, 10:54 PM)Art10n Wrote: [+] VALID USERNAME: jdoe@analysis.htb how did u found this? |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired | 370 | 92,402 |
5 hours ago Last Post: lifolifo007 |
||
| Hack the box Pro Labs, VIP, VIP+ 1 month free Method | 23 | 2,200 |
8 hours ago Last Post: kkkato |
||
| [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags | 20 | 2,515 |
Yesterday, 11:06 PM Last Post: op334 |
||
|
[FREE] HackTheBox All Cheatsheets | 3 | 410 |
Yesterday, 10:36 PM Last Post: op334 |
|
| CBBH Write Ups | 22 | 6,237 |
Yesterday, 06:39 AM Last Post: Usercomplex |
||
