This machine is classified as Medium difficulty by Micah but may seem hard as it takes tons of enumeration against a domain controller with a webserver running. On the webserver, we will find a documents uploads folder, using its naming convention; we will brute for each and every uploaded document as their meta data contains usernames which eventually leads to getting a default password. We will password spray with the enumerated users and find one valid user....
This was classified as an easy box by eks and mrb3n on HackTheBox. We gain our foothold by enumerating SMB as it allows anonymous authentication. We find a few shares, one of which includes a username and encoded password. We will decode the password and use it to gain foothold. For the privilege escalation part, we will get the Kerberos ticket (Kerberoast), crack it and escalate to administrator. OS Difficulty IP Address Status Windows Easy 10....
This box was classified as an easy machine by L4mpje on HackTheBox. Enumerating the box, we will find a SMB share used for backup. We will mount it and find a virtual hard disk file, mount the .vhd, and dump the SAM and SYSTEM files; crack it to get our initial foothold. Enumerating to privilege escalate, we find a strange program, mRemoteNG, and it’s password can be decrypted with mRemoteNG Decryption Tool which will give us the Administrator password....