5/19/2023 0 Comments Kdbx file open![]() If you don’t know by know, I tend to gravitate towards web services first, so I’m going to start by poking at port 80 first: An IIS 10 service running on the default port 80, SMB open on the usual 445, and an interesting ‘Jetty’ web service running on port 50000. Let’s see what our initial Nmap scan brings up for us: GOAL: Obtain the user.txt and root.txt flags located within the target filesystem.As the final step, we’ll take this hash and utilize a ‘Pass-the-hash’ attack with PsExec. We’ll obtain initial access by exploiting an exposed Jenkins server that is insecurely configured, and escalate our privileges by cracking a password-protected Keepass Database file to obtain an Administrator password hash. Welcome back everyone! Today I’ll be documenting my process through the retired Hack the Box machine, ‘Jeeves’.
0 Comments
Leave a Reply. |