HTB-Administrator
Box Info OS Windows Difficulty Medium As is common in real life Windows pentests, you will start the Administrator box with credentials for the following account: Username: Olivia Password: ichliebedich Nmap ┌──(root㉿kali)-[/home/kali/Administrator] └─# nmap -sSCV -Pn administrator.htb Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-05 15:51 CST Nmap scan report for administrator.htb (10.10.11.42) Host is up (0.072s latency). Not shown: 988 closed tcp ports (reset) PORT STATE SERVICE VERSION 21/tcp open ftp Microsoft ftpd | ftp-syst: |_ SYST: Windows_NT 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2024-12-05 14:37:40Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: administrator.htb0., Site: Default-First-Site-Name) 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: administrator.htb0., Site: Default-First-Site-Name) 3269/tcp open tcpwrapped Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: | smb2-security-mode: | 3:1:1: |_ Message signing enabled and required |_clock-skew: 6h46m00s | smb2-time: | date: 2024-12-05T14:37:51 |_ start_date: N/A Crackmapexec 通过SMB服务,获取到了当前存在的用户信息 ...