Hathor - HTB [Discussion]
(April 20, 2022, 02:21 PM)___user___ Wrote:
(April 20, 2022, 02:13 PM)meta Wrote:
(April 20, 2022, 01:47 PM)___user___ Wrote: Anyone know how to dump all the users, computers, domain for BloodHound?

I used bloodhound-python and ldapdomaindump; both are showing invalid cred.


I couldn't get bloodhound-python to work either.
But ldapdomaindump works with --authtype SIMPLE.


Thanks man. Did you find the next step?


I haven't.
Reply
https://synisl33t.com/2022/04/20/htb-hathor/

Protected Write-up
Reply
(April 20, 2022, 05:02 PM)___user___ Wrote: https://synisl33t.com/2022/04/20/htb-hathor/

Protected Write-up


Can anyone share the password please? (hash)
Thanks.
Reply
Anyone know the next step?
Reply
Really annoying to be stuck after getting a spawned shell ... WinRM seems to be enabled, but with password spraying I can't log in with those creds ...
I think the next step is to impersonate one of those users: AbbyMurr, GinaWild or BeatriceMill
Reply
(April 21, 2022, 01:06 PM)cavour12 Wrote: Really annoying to be stuck after getting a spawned shell ... WinRM seems to be enabled, but with password spraying I can't log in with those creds ...
I think the next step is to impersonate one of those users: AbbyMurr, GinaWild or BeatriceMill


You're right. Next step is to impersonate a user. We can use the BeatriceMill cred which we got from Csvs. I found some ASP and C# scripts. I am searching for a PowerShell script.
Reply
(April 21, 2022, 02:40 PM)___user___ Wrote:
(April 21, 2022, 01:06 PM)cavour12 Wrote: Really annoying to be stuck after getting a spawned shell ... WinRM seems to be enabled, but with password spraying I can't log in with those creds ...
I think the next step is to impersonate one of those users: AbbyMurr, GinaWild or BeatriceMill


You're right. Next step is to impersonate a user. We can use the BeatriceMill cred which we got from Csvs. I found some ASP and C# scripts. I am searching for a PowerShell script.

You mean we have to upload some ASP for pwning BeatriceMill?
Reply
(April 21, 2022, 04:50 PM)cavour12 Wrote:
(April 21, 2022, 02:40 PM)___user___ Wrote:
(April 21, 2022, 01:06 PM)cavour12 Wrote: Really annoying to be stuck after getting a spawned shell ... WinRM seems to be enabled, but with password spraying I can't log in with those creds ...
I think the next step is to impersonate one of those users: AbbyMurr, GinaWild or BeatriceMill


You're right. Next step is to impersonate a user. We can use the BeatriceMill cred which we got from Csvs. I found some ASP and C# scripts. I am searching for a PowerShell script.

You mean we have to upload some ASP for pwning BeatriceMill?


This looks promising:

https://docs.microsoft.com/en-US/troubleshoot/developer/webapps/aspnet/development/implement-impersonation
Reply
(April 21, 2022, 04:50 PM)cavour12 Wrote:
(April 21, 2022, 02:40 PM)___user___ Wrote:
(April 21, 2022, 01:06 PM)cavour12 Wrote: Really annoying to be stuck after getting a spawned shell ... WinRM seems to be enabled, but with password spraying I can't log in with those creds ...
I think the next step is to impersonate one of those users: AbbyMurr, GinaWild or BeatriceMill


You're right. Next step is to impersonate a user. We can use the BeatriceMill cred which we got from Csvs. I found some ASP and C# scripts. I am searching for a PowerShell script.

You mean we have to upload some ASP for pwning BeatriceMill?

Yes. I have tried a lot. None of it is working for me. Also, I ran a runas one-liner; it's just asking for the password again.


(April 21, 2022, 06:49 PM)Exa Wrote:
(April 21, 2022, 04:50 PM)cavour12 Wrote:
(April 21, 2022, 02:40 PM)___user___ Wrote:
(April 21, 2022, 01:06 PM)cavour12 Wrote: Really annoying to be stuck after getting a spawned shell ... WinRM seems to be enabled, but with password spraying I can't log in with those creds ...
I think the next step is to impersonate one of those users: AbbyMurr, GinaWild or BeatriceMill


You're right. Next step is to impersonate a user. We can use the BeatriceMill cred which we got from Csvs. I found some ASP and C# scripts. I am searching for a PowerShell script.

You mean we have to upload some ASP for pwning BeatriceMill?


This looks promising:

https://docs.microsoft.com/en-US/troubleshoot/developer/webapps/aspnet/development/implement-impersonation

I have tried this. Not working for me. Anyone find a way to impersonate?
Reply
net view \\hathor shows a share which can be mounted as the BM user. There is some interesting stuff on it.
Reply

