[osamy7593]

From OutputMessenger , you should open it from a windows machine with m.harris credentials . Then you will find a UserExplorer.exe . dnSpy will give you this informations

Damm i thought so, so i should install application and then connect but on which port as i tried on 14123 and it didn't worked?

Try 14121

now i'm in but no thing usefull u found ??

No... there are 2 databases in the Output Messenger directory, but as far as I can see, nothing interesting so far

i mean i'm in the app i see all chats

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[a44857437]

Damm i thought so, so i should install application and then connect but on which port as i tried on 14123 and it didn't worked?

Try 14121

now i'm in but no thing usefull u found ??

You can use the password for winrm_svc to winrm into the machine. 

No... there are 2 databases in the Output Messenger directory, but as far as I can see, nothing interesting so far

i mean i'm in the app i see all chats

[osamy7593]

sqlite3 OM.db3
SQLite version 3.46.0 2024-05-23 13:25:27
Enter ".help" for usage hints.
sqlite> ls
...> ;
Parse error: near "ls": syntax error
ls ;
^--- error here
sqlite> .tables
om_chatroom om_drive_files om_settings
om_chatroom_user om_escape_message om_user_master
om_custom_group om_notes om_user_photo
om_custom_group_user om_notes_user
om_custom_status om_preset_message
sqlite>

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[09ft]

did you cracked the hash

not yet, and for know i think maybe is not crackable

---

kerbrute

2024/08/31 15:51:58 >  [+] VALID USERNAME:      o.martinez@Infiltrator.htb
2024/08/31 15:51:58 >  [+] VALID USERNAME:      d.anderson@Infiltrator.htb
2024/08/31 15:51:58 >  [+] VALID USERNAME:      k.turner@Infiltrator.htb
2024/08/31 15:55:18 >  [+] l.clark has no pre auth required. Dumping hash to crack offline:
$krb5asrep$18$l.clark@Infiltrator.HTB:c035a4cecffc6109976fc610891f3825$36b1a6e4a0a86b5f07003a00536a1660db3a19f80da0067917a801b234257d978497fa12db7e14338261b4ba9b1c2ccf2201e4a2debf5773ad8453eee5da0e31344a2550fb8cdd10dcc55a3679d5980abe193f20c860c646caf9e3bb0dfe7c003d02807bc1880f408632350db7fc57c7b7e094a5057eb0c90c2875cf45db257d70c86a25cf0841012190349a98a8673eb5ead0e7ef44219fbee6121f4367e6aea89e07f5d3426a5f0162f5429f709fde03dcdf2de8a7c8e6cfaf0f3acf419bbc785a1885f2cde2fc710ed2bd9ca68c9f509bd680d4a0c44541e22ca34eeed6d3548093c0e667e5847413b147da6e073cef9c386c7ef0bef5fbfcd653d1eed73f7be4223122b4

Which userlist did you use for this? I didn't get any of those users when executing kerbrute.

i created my own list basing on www page from thos box

I cracked it the pass is: WAT?watismypass! but nothing interesting there. you can take a look.

what list did you use  ?

how did u got the hash >??

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Spamming (Copying other user's content) | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.

[a44857437]

can anyone give me a hint on how to connect with the output messenger?
I've downloaded the unix client and try to connect with user k.turner@Infiltrator.htb and his pw in the AD description but the client stays on sing in...

Also how do you get the port forwarding to work?

Someone in the chat suggested using meterpreter and portforwarding and that works well

[09ft]

Steps for root? Someone mentioned decompile .exe and .dll I guess from the zips in C:\ProgramData\Output Message Server\Temp
?

mysql
and portforwarding

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Spamming (Copying other user's content) | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.

[osamy7593]

Steps for root? Someone mentioned decompile .exe and .dll I guess from the zips in C:\ProgramData\Output Message Server\Temp
?

mysql
and portforwarding

after portforward now i'm in the chat but no thing usefull

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[09ft]

Steps for root? Someone mentioned decompile .exe and .dll I guess from the zips in C:\ProgramData\Output Message Server\Temp
?

mysql
and portforwarding

after portforward now i'm in the chat but no thing usefull

try with chisel

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Spamming (Copying other user's content) | https://breachforums.ai/Forum-Ban-Appeals if you feel this is incorrect.

[osamy7593]

man i i'm in the chat i already did port forward and downloaded the app and logged in as k.turner but no thing usefull .. what u found ?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed

[osamy7593]

man i i'm in the chat i already did port forward and downloaded the app and logged in as k.turner but no thing usefull .. what u found ?

you can get MariaDB creds, portforward and login as root, then call the root flag. that's how I did it. I didn't get root shell

Where u got mariadb creds ?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Asking for rep is not allowed