Posts for: #Writedacl

HTB: Reel

#htb  #hard  #windows  #active-directory  #phishing  #rtf  #cve-2017-0199  #pscredential  #writeowner  #writedacl  #acl-abuse 
ターゲット // Reel
PlatformHTB
OSWindows
DifficultyHard
IP10.129.50.115

Enumeration

Nmap

▶ Nmap output
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
593/tcp open  http-rpc-epmap

FTP + SMTP on a Windows AD box – this screams phishing.

[]

HTB: Forest

#htb  #easy  #windows  #as-rep-roasting  #bloodhound  #dcsync  #writedacl  #active-directory 
ターゲット // Forest
PlatformHTB
OSWindows
DifficultyEasy
IP10.129.157.109

Recon

Standard AD box – DNS, Kerberos, LDAP, SMB all present. Domain: htb.local.

Enumeration

Nmap

▶ Nmap output
PORT      STATE SERVICE
53/tcp    open  domain
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
5985/tcp  open  wsman
9389/tcp  open  adws
47001/tcp open  winrm

OS: Windows Server 2016 Standard 14393 x64

[]