Dare I say this box was easy?  Maybe not for everyone, of course, but I will say this could be the quickest HtB box I've ever rooted.  There's a little bit of hunting and a little bit of creativity required.  Aside from that, take a look at what's in your hand and do some Googling, and you can figure this one out quickly.

    We kick off with Nmap:


    I've written a few scripts in PowerShell to perform various tasks for clients and I usually end up with a batch file or some instructions on how to overcome the problem with "execution of scripts" or the various signing errors.  Regardless of whether it's opened with an elevated prompt or not, when you attempt to execute a PowerShell script, you get the following:


    I'm not even sure how I ended up down this rabbit hole but I strayed off the path for a talk that I'm giving next month.  I'm trying to show how to leverage PowerShell into doing the many things we do with various tools.  To some degree, you don't really need those tools. 

    So this doesn't pluck the credentials out of memory or from the file system, we're going the old-fashioned way -- we're tricking the user.  Imagine this -- a user is trying to work and Windows continues to prompt them for their credentials.  Will they ignore it?  No, they will enter their credentials. 

    If you're on the local machine performing this trick, you don't need to specify domain\username.  However, if you end up on this machine through other means -- say Responder, you'll want to use the domain\username because it will throw an error prior to spawning the credential prompt.  Maybe that's not a bad thing but I'd rather do without it. 


    Spending New Year's Eve on Hack the Box is perhaps a sad story but someone mentioned the Pro Labs and as I looked into what those were about, I thought maybe I should take on a box or two.  Chatterbox is one I hadn't seen so I fired it up to take a look and I haven't come across Achat but the style isn't unfamiliar.  The privilege escalation is a bit of a downer but it's different and there's a lesson to be learned.  I don't really want to spoil part of the box so let's just dive in.  We kick off with Nmap:


    I'm giving away my book.  I've been sitting on it for a few months and I honestly don't know what to do with it.  It wasn't anything more than an idea, then I started putting words to paper, and the next thing I knew, I had something that resembled a book.  Over the course of the last 10 years or so, I've often thought about writing a book but I'd hammer out a few pages, lose interest, and the idea would fade off.  But not with this one.  I conjured up a vulnerable server and in parallel, I wrote lessons on how to approach it, enumerate it, exploit it, and eventually root it.  It's essentially a vulnerable server with a lesson manual.



    © 2020 sevenlayers.com