Heist (HackTheBox)

NMAP

Website Enumeration

On port 80, we have a website that requires credentials, which we don't have, so the first step is to log in as a guest and see what the attachment contains.

User Enumeration/AD

“lookupsid.py” is a very good Python script for brute-forcing usernames. I’m using it because I have credentials for one of the users.

Privilege Escalation

I might be the worst person at Windows privilege escalation, but first things first: I always run the “ps” command to see running services. I saw Firefox, and I think it must be useful for dumping some creds.

Baron


Purple Team — eJPT & eCPTTv2 & Security+ , CEH!