Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine we enumerate open ports – finding many ports associated with Active Directory to be open. Going to the website, we find a list of names on the about.html page. Using GetNPUsers.py, we are able to guess the username schema, and get […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open services – finding a ton of ports open. The FTP server allows anonymous authentication, from which we get 2 usernames and 2 files. One of the files tell of Passwords.txt on nathan‘s desktop. The webserver, which […]
Jump Ahead: Enum – Initial Creds – User – Root – Resources TL;DR; To solve this machine, we began by enumerating open services – finding only ports 445 and 4386 open. While enumerating SMB, we found credentials for the TempUser user. Using the credentials, we enumerated SMB once again. This time, we found hashed credentials […]