Hackthebox Walkthroughs: Bastion

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp

Ok, so this is my first blog for hackthebox retired machine. As we all know, Hackthebox is a great platform to test your penetration testing skills, and it’s machines are differnt from other penetration testing platforms. I have selected Bastion as my first htb blog machine which is windows based.

Let’s Start. The IP of bastion is 10.10.10.134.

As always,I started with Nmap.

nmap -sC -sV 10.10.10.134
Manish Bhardwaj's Blog

After Scanning I found on port 445 smb is running.

smbclient -L //10.10.10.134
Manish Bhardwaj's Blog
IPC$,C$,ADMIN$ is default in all windows machine.

Let’s enumerate Backup.

smbclient //10.10.10.134/Backup
Manish Bhardwaj's Blog
WindowsImageBackup is something we have to look at.

Let’s Mount the backup.

mount -t cifs //10.10.10.134/Backups /root/htb/smb

if you are receiving error like this:
mount: /root/htb/smb: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount. helper program.

Install these utilities.
nfs-common,cifs-utils
Manish Bhardwaj's Blog
Manish Bhardwaj's Blog
To check the size of vhd files

Now let’s use guestmount utility;

guestmount --add 9b9cfbc4-369e-11e9-a17c-806e6f6e6963.vhd --inspector --ro -v /root/htb/smb/gmnt/
Manish Bhardwaj's Blog

I copied the SAM, SECURITY & SYSTEM and pass them through pwdump

After decrypting hash of L4mpje user and then ssh.

Furthur enumerating, I found mRemoteNG installed which is vulnerable .

To decrypt its password I will use this. Using google-fu, I found the location of encrypted password at c:\Users\\AppData\Roaming\mRemoteNG\confCons.xml

After getting Administrator password,I ssh to get shell and gets root.txt.

root.txt

Visit: Azure Skynet CosmicSkills

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top