Intelligence - HacktheBox (OSCP Prep) - TJ Nulls

Video Link: https://www.youtube.com/watch?v=qPEOS0jESQQ



Duration: 40:23


Intelligence is a medium difficulty Windows machine that showcases a number of common attacks in an Active Directory environment. Internal PDF documents stored on the web server are retrieved by brute-forcing a common naming scheme; their contents and metadata reveal a default password and a list of potential AD users. Password spraying then leads to the discovery of a valid user account, granting an initial foothold on the system. A scheduled PowerShell script that sends authenticated requests to web servers based on their hostname is discovered; by adding a custom DNS record, it is possible to force a request that can be intercepted to capture the hash of a second user, which is easily crackable. This user is allowed to read the password of a group managed service account, which in turn has constrained delegation access to the domain controller, resulting in a shell with administrative privileges.

Skills Required
- Enumeration
- Password spraying
- Password cracking
- Basic Active Directory knowledge

------------------

Skills Learned
- Source Code Review
- ADIDNS abuse
- ReadGMSAPassword abuse
- Constrained delegation abuse

------------------
Tools
- manual enumeration
- netexec
- powershell
- bloodhound
- bloodhound-python
- neo4j
------------------
Certifications:
Practical Network Penetration Tester (PNPT) : TCM Security - https://certifications.tcm-sec.com/pnpt/
Practical Junior Penetration Tester (PJPT): TCM Security - https://certifications.tcm-sec.com/pjpt/
Practical Junior Web Tester (PJWT): TCM Security - https://certifications.tcm-sec.com/pjwt/
Certified Ethical Hacker (CEH): EC-Council
--------------------
Socials:
Tryhackme: https://tryhackme.com/p/NoxLumens
Hackthebox: https://app.hackthebox.com/profile/179139
Twitch: https://twitch.tv/noxlumens