Hey guys, noob here and I just can't move ahead of the nmap scan on this. Don't know what to do. Pls drop a small hint to give me some direction.
nmap has more to offer than just simple port enumeration... try the included scripts to gather more info on found ports... and then Google is your friend!
Well, I guess I shouldn't have chosen this machine to start my HTB journey, but after struggling with it for 3 days and using a couple of hints from this forum for the machine enumeration part, I actually managed to root it and I am so proud of that!
I pretty much managed to get all parts on my own, except for the machine enum part, and I can tell for sure I would have never gotten that part on my own in a million years!
I am very much a beginner at this, and all the enum I know is from my VHL training and online checklists I got from random googling, and none of that helped me here, unless I missed something.
If someone could please DM me any resources / references to help me get better at the enum part for future reference, or that explain how you guys knew what you should look for, that would be fantastic!!!
Thanks a lot for all the help! You guys are awesome!
Well, I guess I shouldn't have chosen this machine to start my HTB journey, but after struggling with it for 3 days and using a couple of hints from this forum for the machine enumeration part, I actually managed to root it and I am so proud of that!
Nice work! Welcome to HTB and I really hope you enjoy it here.
If someone could please DM me any resources / references to help me get better at the enum part for future reference, or that explain how you guys knew what you should look for, that would be fantastic!!!
There isn't really a simple answer for that. Enumeration is sort of a term people use to mean "trying stuff and seeing what turns up".
There are general methodologies - used by tools like LinEnum / WinPEAS etc - but I am not a huge fan of these and you'll discover they work on about 10% of HTB boxes. In real-world pentests they are often so noisy you'd struggle to justify using them.
At a very, very basic level, enumeration for privesc is down to simply thinking of things to look at and then trying it. For example, I've seen lots of situations where sysadmins have left privileged credentials in web.config and unattended.xml files to support automation. Checking to see if any exist is a good enumeration step but - off the top of my head - I've never seen this work on an HTB box. However, the general principle of "Look for credentials in files related to automation" is fairly useful.
Really - all enumeration is about looking at things and deciding if you can use them. I try to avoid noisy things like cd /; grep -ir password * because (for me) it becomes too hard to use the output. But more targeted things like searches for specific files are useful.
Also, a lot of enumeration is down to drawing conclusions - for example finding a service is suspended and also discovering your account has the privileges to modify that service gives you an idea how to exploit it.
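As an added example (not part of the post above or of any tool it mentions): the targeted check the post describes can be run by an administrator over their own file tree to find credentials left behind in automation files, reporting where they sit without echoing the value. The two patterns and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# The two file names from the post, matched case-insensitively.
TARGET_NAMES = {"web.config", "unattended.xml"}
# Assumed heuristics: key=value form (connection strings, attributes),
# then element form, optionally wrapped in <Value>.
PATTERNS = [
    re.compile(r"(?i)\b(password|pwd)\s*=\s*[\"']?[^;\"'\s<>]+"),
    re.compile(r"(?i)<(\w*password\w*)>\s*(?:<value>\s*)?[^<\s]+"),
]

def audit_tree(root):
    """Return sorted (relative_path, line, key_name); secret values are never returned."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in TARGET_NAMES:
                continue  # targeted: skip everything that is not an automation file
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for pattern in PATTERNS:
                for m in pattern.finditer(text):
                    line = text.count("\n", 0, m.start()) + 1
                    findings.append((rel, line, m.group(1)))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (all contents are made up)."""
    samples = {
        "site/web.config": '<configuration>\n<add name="db" connectionString='
        '"Server=db01;User Id=svc;Password=CONSTRUCTED;" />\n</configuration>\n',
        "deploy/Unattended.xml": '<unattend>\n<AdministratorPassword>\n'
        '<Value>CONSTRUCTED</Value>\n</AdministratorPassword>\n</unattend>\n',
        "docs/notes.txt": 'password=not-scanned\n',  # wrong file name: ignored
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_tree(root)

if __name__ == "__main__":
    for finding in demo():
        print("%s:%d: %s" % finding)
```

Each finding is a file to clean up or lock down; the notes.txt entry shows why matching on file name first keeps the output short enough to act on.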
Hi, I'm already stuck with the flag files. Can someone give me a hint how to decode the Sxxxxm.Sxxxxxxy.Sxxxxxxxxg? I've been trying for hours with Pxxxr Sxxxl with no results.
You need to be logged into the account of the owner of the password hash Administrator, and from there you use the PowerShell terminal to decode. Pull me to DM.
"'b'The system cannot execute the specified program.\r\n''>" is what I am getting when trying to run the **.exe and ***4.exe using the program once the .exe is uploaded.
"'b'The system cannot execute the specified program.\r\n''>" is what I am getting when trying to run the **.exe and ***4.exe using the program once the .exe is uploaded.
Anyone else had this issue?
It depends how you are trying to execute them.
I'd try LaunchCommandWithOutput and call cmd then issue the commands you want to run as arguments.
The good news is that this box is retired now so if you get stuck you can read a write up.
Thanks Taz, you seem to be really an active part of this forum and are helping me loads. I am trying to keep it to online research etc (no walkthroughs) but I think you can only do so much as a beginner.
Thanks Taz, you seem to be really an active part of this forum and are helping me loads.
I am glad to help.
I am trying to keep it to online research etc (no walkthroughs) but I think you can only do so much as a beginner.
Cool - I wouldn't worry too much about using a walkthrough, as long as you try to understand what it is doing, it's pretty much the same as doing online research.