HTB-Resolute

Box Info OS Windows Difficulty Medium Nmap [root@kali] /home/kali/Resolute ❯ nmap Resolute.htb -sV -T4 PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: megabank.local, Site: Default-First-Site-Name) 445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds (workgroup: MEGABANK) 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: megabank.local, Site: Default-First-Site-Name) 3269/tcp open tcpwrapped Service Info: Host: RESOLUTE; OS: Windows; CPE: cpe:/o:microsoft:windows 把megabank.local添加到**/etc/hosts** ...

2025年01月18日 · 3 分钟 · 1290 字 · HYH

HTB-Sauna

Box Info OS Windows Difficulty Easy Nmap [root@kali] /home/kali/Sauna ❯ nmap Sauna.htb -sV -T4 PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http Microsoft IIS httpd 10.0 88/tcp open kerberos-sec Microsoft Windows Kerberos 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: EGOTISTICAL-BANK.LOCAL0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: EGOTISTICAL-BANK.LOCAL0., Site: Default-First-Site-Name) 3269/tcp open tcpwrapped 把EGOTISTICAL-BANK.LOCAL添加到**/etc/hosts** ...

2025年01月18日 · 3 分钟 · 1004 字 · HYH

HTB-EscapeTwo

Box Info OS Windows Difficulty Easy As is common in real life Windows pentests, you will start this box with credentials for the following account: rose / KxEPkKe6R8su Nmap root@kali: /home/kali/EscapeTwo ➜ nmap EscapeTwo.htb -sV -Pn -T4 Nmap scan report for EscapeTwo.htb PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name) 1433/tcp open ms-sql-s Microsoft SQL Server 2019 15.00.2000 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name) 3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name) Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows SMB User Crack root@kali: /home/kali/EscapeTwo ➜ crackmapexec smb escapetwo.htb -u "rose" -p "KxEPkKe6R8su" --rid-brute | grep SidTypeUser SMB EscapeTwo.htb 445 DC01 500: SEQUEL\Administrator (SidTypeUser) SMB EscapeTwo.htb 445 DC01 501: SEQUEL\Guest (SidTypeUser) SMB EscapeTwo.htb 445 DC01 502: SEQUEL\krbtgt (SidTypeUser) SMB EscapeTwo.htb 445 DC01 1000: SEQUEL\DC01$ (SidTypeUser) SMB EscapeTwo.htb 445 DC01 1103: SEQUEL\michael (SidTypeUser) SMB EscapeTwo.htb 445 DC01 1114: SEQUEL\ryan (SidTypeUser) SMB EscapeTwo.htb 445 DC01 1116: SEQUEL\oscar (SidTypeUser) SMB EscapeTwo.htb 445 DC01 1122: SEQUEL\sql_svc (SidTypeUser) SMB EscapeTwo.htb 445 DC01 1601: SEQUEL\rose (SidTypeUser) SMB EscapeTwo.htb 445 DC01 1607: SEQUEL\ca_svc (SidTypeUser) SMB File Leak [root@kali] /home/kali/EscapeTwo ❯ smbclient -L //10.10.xx.xx -U rose Password for [WORKGROUP\rose]: Sharename Type Comment --------- ---- ------- Accounting Department Disk ADMIN$ Disk Remote Admin C$ Disk Default share IPC$ IPC Remote IPC NETLOGON Disk Logon server share SYSVOL Disk Logon server share Users Disk 在这个Accounting Department中存在表格文件 ...

2025年01月12日 · 4 分钟 · 1785 字 · HYH

Sherlocks-Takedown

Sherlock Scenario 我们在网络活动中发现了一个异常模式,表明可能存在安全漏洞。我们的团队怀疑我们的系统遭到未经授权的入侵,可能会泄露敏感数据。您的任务是调查此事件。 ...

2025年01月04日 · 2 分钟 · 713 字 · HYH

Sherlocks-BFT

Sherlock Scenario 在这个 Sherlock 中,您将熟悉 **MFT(主文件表)**取证。您将了解用于分析 MFT 工件以识别恶意活动的知名工具和方法。在我们的分析过程中,您将使用 MFTECmd 工具解析提供的 MFT 文件,使用 TimeLine Explorer 打开并分析解析的 MFT 的结果,并使用十六进制编辑器从 MFT 中恢复文件内容。 ...

2024年12月28日 · 3 分钟 · 1048 字 · HYH

Sherlocks-Unit42

Sherlock Scenario 在本 Sherlock 中,您将熟悉 Sysmon 日志和各种有用的 EventID,用于识别和分析 Windows 系统上的恶意活动。Palo Alto 的 Unit42 最近对 UltraVNC 活动进行了研究,其中攻击者利用 UltraVNC 的后门版本来维护对系统的访问。此实验室受该活动的启发,指导参与者完成活动的初始访问阶段。 ...

2024年12月25日 · 2 分钟 · 770 字 · HYH

HTB-Yummy

Box Info OS Linux Difficulty Hard Nmap [root@kali] /home/kali/Yummy ❯ nmap yummy.htb -sSCV -Pn -T4 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-23 16:55 CST Nmap scan report for yummy.htb (10.10.11.36) Host is up (0.095s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.5 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 a2:ed:65:77:e9:c4:2f:13:49:19:b0:b8:09:eb:56:36 (ECDSA) |_ 256 bc:df:25:35:5c:97:24:f2:69:b4:ce:60:17:50:3c:f0 (ED25519) 80/tcp open http Caddy httpd |_http-title: Yummy |_http-server-header: Caddy Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 11.45 seconds 开放端口:22、80 ...

2024年12月24日 · 6 分钟 · 2938 字 · HYH

HTB-UnderPass

Box Info OS Linux Difficulty Easy Nmap [root@kali] /home/kali/UnderPass ❯ nmap underpass.htb -sSCV -Pn -T4 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-22 11:26 CST Nmap scan report for underpass.htb (10.10.11.48) Host is up (0.12s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 48:b0:d2:c7:29:26:ae:3d:fb:b7:6b:0f:f5:4d:2a:ea (ECDSA) |_ 256 cb:61:64:b8:1b:1b:b5:ba:b8:45:86:c5:16:bb:e2:a2 (ED25519) 80/tcp open http Apache httpd 2.4.52 ((Ubuntu)) |_http-server-header: Apache/2.4.52 (Ubuntu) |_http-title: Apache2 Ubuntu Default Page: It works Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 22.04 seconds TCP开放端口:22、80 ...

2024年12月22日 · 4 分钟 · 1574 字 · HYH

Sherlocks-Reaper

Sherlock Scenario 我们的SIEM提醒我们注意一个需要立即查看的可疑登录事件。警报详细信息是IP地址和源工作站名称不匹配。您将收到事件时间范围内周围时间的网络捕获和事件日志。对给定的证据进行核化,并向SOC经理报告。 ...

2024年12月21日 · 3 分钟 · 1470 字 · HYH

HTB-Instant

Box Info OS Linux Difficulty Medium Nmap [root@kali] /home/kali/Instant ❯ nmap instant.htb -sSCV -Pn -T4 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-20 11:39 CST Nmap scan report for instant.htb (10.10.11.37) Host is up (0.097s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.5 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 31:83:eb:9f:15:f8:40:a5:04:9c:cb:3f:f6:ec:49:76 (ECDSA) |_ 256 6f:66:03:47:0e:8a:e0:03:97:67:5b:41:cf:e2:c7:c7 (ED25519) 80/tcp open http Apache httpd 2.4.58 |_http-title: Instant Wallet |_http-server-header: Apache/2.4.58 (Ubuntu) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 11.72 seconds 开放端口:22、80 ...

2024年12月20日 · 3 分钟 · 1227 字 · HYH