Tags: SQLi、Hashcat、Ghauri、Cacti、CVE-2024-25641、Mysql、SSH_Proxy、Duplicati
As is common in real life Windows pentests, you will start this box with credentials for the following
account: rose / KxEPkKe6R8su
Recon & Enum
nmap -p- --min-rate 1000 -T4 -sC -sV -O -v sequel.htb
---
gobuster vhost --random-agent --append-domain -k -w /usr/share/seclists/Discovery/DNS/n0kovo_subdomains.txt -u 'http://[domain]'
---
type ..\Desktop\user.txt
gobuster dns -w /usr/share/seclists/Discovery/DNS/n0kovo_subdomains.txt -d [domain_name] -r [dns_ip]
---
gobuster dir -k --random-agent -w /usr/share/seclists/Discovery/Web-Content/combined_directories.txt -u 'http://[domain]'
---
gobuster dir -k --random-agent -w /usr/share/seclists/Discovery/Web-Content/combined_directories.txt -u 'http://[subdomain]'
---
ldapsearch -H "ldap://$IP" -x -s base namingcontexts
Shell as User1
Local Enum
...
[suid]
...
[server port]
...
Shell as User2
Local Enum
...
user2 (nopasswd)
...
duJSDJQW@123qwe1123
Shell as Root
type ..\Desktop\root.txt
More and More
这个靶机的主要难点,在于发现 XSS 漏洞后,如何进一步利用 …
Dump Hash
Exploit
Other
https://app.hackthebox.com/home https://app.hackthebox.com/machines https://app.hackthebox.com/challenges
duJSDJQW@123qwe1123
