JOIN BREACHFORUMS NEW TELEGRAM
HTB - Blazorized
by bmoon10 - Saturday June 29, 2024 at 07:00 PM
Breached
Member
Posts: 3
Threads: 0
Joined: Jun 2024
Reputation: 0
#161
Jul 05, 2024, 12:59 PM (This post was last modified: Jul 05, 2024, 01:00 PM by breachofficial.)
(Jul 05, 2024, 11:56 AM)Abdo000 Wrote:
(Jul 05, 2024, 10:18 AM)breachofficial Wrote:
(Jul 05, 2024, 12:23 AM)Abdo000 Wrote:
(Jul 04, 2024, 11:24 PM)breachofficial Wrote: mimikatz.exe is not executing while .\mimikatz.exe lags the shell and then i have to recreate the session (Even tho I have spawned the shell with msfconsole)
payload:- windows/x64/reverse_tcp

are u sure about this payload

Should I use the meterpreter one??

What type of hash is this f55ed1465179ba374ec1cad05b34a5f3

You got the hash now you can login into the administrator using evil-winrm (use -H instead of -p)
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Mar 2024
Reputation: 0
#162
Jul 05, 2024, 01:02 PM
(Jul 05, 2024, 12:59 PM)breachofficial Wrote:
(Jul 05, 2024, 11:56 AM)Abdo000 Wrote:
(Jul 05, 2024, 10:18 AM)breachofficial Wrote:
(Jul 05, 2024, 12:23 AM)Abdo000 Wrote:
(Jul 04, 2024, 11:24 PM)breachofficial Wrote: mimikatz.exe is not executing while .\mimikatz.exe lags the shell and then i have to recreate the session (Even tho I have spawned the shell with msfconsole)
payload:- windows/x64/reverse_tcp

are u sure about this payload

Should I use the meterpreter one??

What type of hash is this f55ed1465179ba374ec1cad05b34a5f3

You got the hash now you can login into the administrator using evil-winrm (use -H instead of -p)
thanks bro
Reply
Breached
Member
Posts: 30
Threads: 2
Joined: Apr 2024
Reputation: 0
#163
Jul 05, 2024, 10:02 PM
Can anyone help me what to do after blazorized\rsa_4810
Reply
Breached
Member
Posts: 48
Threads: 1
Joined: Aug 2023
Reputation: 0
#164
Jul 07, 2024, 06:19 AM
This was an insane box for me
Reply
Breached
Member
Posts: 4
Threads: 0
Joined: Aug 2024
Reputation: 0
#165
Oct 11, 2024, 09:51 PM
(Jun 30, 2024, 10:57 AM)jeff1998 Wrote:
ObjectDN                : CN=SSA_6010,CN=Users,DC=blazorized,DC=htb
AceQualifier            : AccessAllowed
ActiveDirectoryRights  : WriteProperty
ObjectAceType          : Script-Path
AceFlags                : None
AceType                : AccessAllowedObject
InheritanceFlags        : None
SecurityIdentifier      : S-1-5-21-2039403211-964143010-2924010611-1107
IdentityReferenceName  : RSA_4810
IdentityReferenceDomain : blazorized.htb
IdentityReferenceDN    : CN=RSA_4810,CN=Users,DC=blazorized,DC=htb
IdentityReferenceClass  : user

Well, we are allowed to write a Script-Path for SSA_6010. Theoretically, after we inject the script, it will execute when SSA_6010 logs in to DC. The problem is, I have been waiting for 10 minutes already, and there has been no login activity from SSA_6010. I don't know if this is a rabbit hole or if we need another technique to enforce SSA_6010 to log in to DC.

Hey!, how did you dump this ACE? Did you use PowerView?
Reply
GOD User
God
Posts: 75
Threads: 5
Joined: Sep 2024
Reputation: 62

GOD
#166
Oct 22, 2024, 11:26 PM
You have to love it - when evil-winrm comes in for the win for the revshell !

What a fun little box that was!
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Heart [FREE] HackTheBox All Cheatsheets Tamarisk 29 1,783 1 hour ago
Last Post: mus1c0
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 105 10,059 2 hours ago
Last Post: mus1c0
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 52 4,401 4 hours ago
Last Post: 0xdarkdharma
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 395 98,844 4 hours ago
Last Post: 0xdarkdharma
  [FREE] CPTS 12 FLAGS pulsebreaker 96 4,529 7 hours ago
Last Post: pokehim

Forum Jump:


 Users browsing this forum: 1 Guest(s)