Posts for: #Ldap

HTB: Sauna

2023-10-10

ターゲット // Sauna
Platform	HTB
OS	Windows
Difficulty	Easy
IP	`10.129.93.188`

Enumeration

Nmap

▶ Nmap output

PORT      STATE SERVICE
53/tcp    open  domain
80/tcp    open  http
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
5985/tcp  open  wsman
9389/tcp  open  adws

Classic AD box – Kerberos, LDAP, SMB, WinRM all present. Domain: EGOTISTICAL-BANK.LOCAL.

[]

PG: Hutch

2023-03-10

#offsec #proving-grounds #medium #windows #ldap #webdav #laps #printspoofer #active-directory

ターゲット // Hutch
Platform	OffSec Proving Grounds
OS	Windows
Difficulty	Medium
IP	`192.168.160.122`

Recon

Nmap

▶ Full nmap output

PORT     STATE SERVICE       VERSION
53/tcp   open  domain        Simple DNS Plus
80/tcp   open  http          Microsoft IIS httpd 10.0
88/tcp   open  kerberos-sec  Microsoft Windows Kerberos
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
389/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: hutch.offsec0.)
445/tcp  open  microsoft-ds?
464/tcp  open  kpasswd5?
593/tcp  open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp  open  tcpwrapped
3268/tcp open  ldap          Microsoft Windows Active Directory LDAP (Domain: hutch.offsec0.)
3269/tcp open  tcpwrapped

This is a Windows Server 2019 domain controller (hutch.offsec).

[]