Jump Ahead: Enum – Initial Creds – User – Root – Resources TL;DR; To solve this machine, we began by enumerating open services – finding only ports 445 and 4386 open. While enumerating SMB, we found credentials for the TempUser user. Using the credentials, we enumerated SMB once again. This time, we found hashed credentials […]
Jump Ahead: Enum – Initial Access – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating services with nmap – only finding ports 22 and 80 open. We enumerate the webserver, eventually getting forwarded to http://10.10.10.171/ona/ – OpenNetAdmin. This version is vulnerable to Remote Code Execution, so we exploit this […]
Jump Ahead: Enum – Initial Access – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open services – finding ports 22 & 80 to be open. The webserver is nostromo version 1.9.6, which we learn is vulnerable to remote code execution. Exploiting this, we get access to the machine […]