HTB - Jab
by paven - Saturday February 24, 2024 at 04:18 PM
#1
Jab - Windows - Medium

Good luck everyone! Let's tackle this together!
https://app.hackthebox.com/machines/Jab
Reply
#2
(Feb 24, 2024, 04:18 PM)paven Wrote: Jab - Windows - Medium

Good luck everyone! Let's tackle this together!
https://app.hackthebox.com/machines/Jab

you are really ready for new box
Reply
#3
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
5222/tcp open xmpp-client
5269/tcp open xmpp-server
7070/tcp open realserver
7443/tcp open oracleas-https
7777/tcp open cbt
Reply
#4
Reply
#5
And many more, hundreds of usernames valid....
Reply
#6
Me too, I think SMB can give us something.
Reply
#7
Port 276/tcp being open and labeled as "ssl/jabber" suggests that the server running on this port is using SSL encryption for Jabber (XMPP) communication. Jabber, which is now commonly referred to as XMPP (Extensible Messaging and Presence Protocol), is an open-source communication protocol for message-oriented middleware based on XML (Extensible Markup Language).

http://10.129.230.45:7070/ likely corresponds to the HTTP Binding Service of an Openfire XMPP (Jabber) server.

Reply
#8
Hello,

I have two hashes but am unable to crack them.

$krb5asrep$23$mlowe@JAB.HTB:95e02f44bd4ff5cedbc....a605


python GetUserSPNs.py -request  -dc-ip $dc_ip -no-preauth mlowe  -usersfile users.txt -dc-host $t $dc_domain/ |grep -v KDC_ERR_S_PRINCIPAL_UNKNOWN
Impacket v0.10.0 - Copyright 2023 Fortra

$krb5tgs$23$*frontdesk$JAB.HTB$frontdesk*$5fa.....005b50bd08a9a567c4c3d44378d8f23e6b049a9e25f5c5268b5819e
Reply
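
Seen from the domain controller, the activity in this thread (guessing usernames against Kerberos, then requesting RC4, etype 23, tickets through an account that needs no pre-authentication) shows up in Security event 4768. The sketch below is an added detection example, not part of any post: the events are constructed, the threshold is an assumption, and the field names follow the 4768 event schema.

```python
from collections import defaultdict

PRINCIPAL_UNKNOWN = "0x6"   # KDC_ERR_C_PRINCIPAL_UNKNOWN
RC4_HMAC = "0x17"           # etype 23, the "$23$" in the posted hashes
ENUM_THRESHOLD = 3          # assumption: distinct unknown names per source; tune it

# Constructed events shaped like Security log 4768 records (not taken from the thread).
EVENTS = [
    {"IpAddress": "10.0.0.50", "TargetUserName": "nouser1", "Status": "0x6"},
    {"IpAddress": "10.0.0.50", "TargetUserName": "nouser2", "Status": "0x6"},
    {"IpAddress": "10.0.0.50", "TargetUserName": "nouser3", "Status": "0x6"},
    {"IpAddress": "10.0.0.7", "TargetUserName": "jsmiht", "Status": "0x6"},  # one typo
    {"IpAddress": "10.0.0.7", "TargetUserName": "jsmith", "Status": "0x0",
     "ServiceName": "krbtgt", "PreAuthType": "2", "TicketEncryptionType": "0x12"},
    {"IpAddress": "10.0.0.50", "TargetUserName": "mlowe", "Status": "0x0",
     "ServiceName": "krbtgt", "PreAuthType": "0", "TicketEncryptionType": "0x17"},
    {"IpAddress": "10.0.0.50", "TargetUserName": "mlowe", "Status": "0x0",
     "ServiceName": "frontdesk", "PreAuthType": "0", "TicketEncryptionType": "0x17"},
]

def detect(events, threshold=ENUM_THRESHOLD):
    """Return findings for 4768 events: no-preauth ticket requests and name guessing."""
    unknown = defaultdict(set)   # source IP -> distinct unknown principals
    findings = []
    for e in events:
        ip, user = e["IpAddress"], e["TargetUserName"].lower()
        if e["Status"] == PRINCIPAL_UNKNOWN:
            unknown[ip].add(user)
        elif e["Status"] == "0x0" and e.get("PreAuthType") == "0":
            # Ticket issued without pre-authentication: material for offline cracking.
            # Assumption: a -no-preauth service-ticket request is logged as a 4768
            # whose ServiceName is the target service instead of krbtgt.
            is_tgt = e["ServiceName"] == "krbtgt"
            kind = "as_rep_no_preauth" if is_tgt else "service_ticket_no_preauth"
            findings.append((kind, ip, user, e["TicketEncryptionType"] == RC4_HMAC))
    for ip, names in sorted(unknown.items()):
        if len(names) >= threshold:
            findings.append(("username_enumeration", ip, len(names)))
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

Requiring pre-authentication on the flagged account and disabling RC4 for Kerberos addresses both ticket findings; the single mistyped name from 10.0.0.7 stays below the threshold and is not reported.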
#9
url: http://10.10.11.4:7070/ws

HTTP ERROR 405 HTTP method GET is not supported by this URL
URI: /ws
STATUS: 405
MESSAGE: HTTP method GET is not supported by this URL
SERVLET: org.jivesoftware.openfire.websocket.OpenfireWebSocketServlet-7ee83d43

Maybe it allows other requests like POST; I don't understand the examples on the page it redirects to.

https://xmpp.org/extensions/xep-0124.html


Maybe this is interesting since I see a socks5 on port 7777


https://groups.google.com/g/strophe/c/fyArrwXelCw?pli=1

Reply
#10
(Feb 24, 2024, 08:33 PM)jahman Wrote: Hello,

I have two hashes but am unable to crack them.

$krb5asrep$23$mlowe@JAB.HTB:95e02f44bd4ff5cedbc....a605


python GetUserSPNs.py -request  -dc-ip $dc_ip -no-preauth mlowe  -usersfile users.txt -dc-host $t $dc_domain/ |grep -v KDC_ERR_S_PRINCIPAL_UNKNOWN
Impacket v0.10.0 - Copyright 2023 Fortra

$krb5tgs$23$*frontdesk$JAB.HTB$frontdesk*$5fa.....005b50bd08a9a567c4c3d44378d8f23e6b049a9e25f5c5268b5819e

Did you use Kerberos to extract the usernames?

Reply

