BloodHound on https://thedeanangle.xyz/tags/bloodhound/ Recent content in BloodHound on Hugo en-gb Sun, 04 May 2025 00:00:00 +0000 Administrator - HTB https://thedeanangle.xyz/writeups/administrator/ Sun, 04 May 2025 00:00:00 +0000 https://thedeanangle.xyz/writeups/administrator/ <table> <thead> <tr> <th style="text-align: center">Details</th> <th style="text-align: left"></th> </tr> </thead> <tbody> <tr> <td style="text-align: center"><img src="https://thedeanangle.xyz/images/retiredmachine.png" alt=""></td> <td style="text-align: left"><img src="https://thedeanangle.xyz/images/windows.png" alt=""></td> </tr> <tr> <td style="text-align: center">URL</td> <td style="text-align: left"><a href="https://app.hackthebox.com/machines/634" target="_blank">Hack The Box :: Administrator</a></td> </tr> <tr> <td style="text-align: center">Difficulty</td> <td style="text-align: left">Medium</td> </tr> <tr> <td style="text-align: center">User Solves</td> <td style="text-align: left">U: 7241 ~ R: 7025</td> </tr> <tr> <td style="text-align: center">Release Date</td> <td style="text-align: left">09 Nov, 2024</td> </tr> </tbody> </table> <h2><a href="https://thedeanangle.xyz/images/administrator/logo.png"></a></h2> <h2 id="overview">Overview</h2> <p>This machine simulates a realistic internal Windows Active Directory environment. The initial access is granted with the following credentials:</p> <ul> <li><strong>Username:</strong> <code>olivia</code></li> <li><strong>Password:</strong> <code>ichliebedich</code></li> </ul> <hr> <h2 id="reconnaissance">Reconnaissance</h2> <h3 id="rustscan--nmap">Rustscan + Nmap</h3> <p>A Rustscan quick sweep followed by Nmap revealed the following open ports:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>PORT STATE SERVICE VERSION </span></span><span style="display:flex;"><span>21/tcp open ftp Microsoft ftpd </span></span><span style="display:flex;"><span>53/tcp open domain Simple DNS Plus </span></span><span style="display:flex;"><span>88/tcp open kerberos-sec Microsoft Windows Kerberos </span></span><span style="display:flex;"><span>135/tcp open msrpc Microsoft Windows RPC </span></span><span style="display:flex;"><span>139/tcp open netbios-ssn Microsoft Windows netbios-ssn </span></span><span style="display:flex;"><span>464/tcp open kpasswd5? </span></span><span style="display:flex;"><span>5985/tcp open http Microsoft HTTPAPI httpd 2.0 (WinRM) </span></span><span style="display:flex;"><span>47001/tcp open http Microsoft HTTPAPI httpd 2.0 </span></span><span style="display:flex;"><span>49666/tcp open msrpc </span></span><span style="display:flex;"><span>49854/tcp open ncacn_http Microsoft RPC over HTTP </span></span><span style="display:flex;"><span>49859/tcp open msrpc </span></span><span style="display:flex;"><span>49914/tcp open msrpc </span></span><span style="display:flex;"><span>62532/tcp open msrpc </span></span></code></pre></div><p>Key services: FTP (21), Kerberos (88), and WinRM (5985)</p>