type
status
date
slug
summary
tags
category
icon
password
Catagory
Materials
Retired
Retired
Due date
Jan 16, 2024 05:33 AM
Status
Belong in
Progress
Task1:Which TCP port is hosting a database server?
1433
Task2:What is the name of the non-Administrative share available over SMB?
Task3:What is the password identified in the file on the SMB share?
M3g4c0rp123
Task4:What script from Impacket collection can be used in order to establish an authenticated connection to a Microsoft SQL Server?
Task5:What extended stored procedure of Microsoft SQL Server can be used in order to spawn a Windows command shell?
Task6:What script can be used in order to search possible paths to escalate privileges on Windows hosts?
winpeas
先創造reverse shell,上傳nc.exe
在victim中安裝winpeas
Task7:What file contains the administrator's password?
執行完winpeas,先看history
C:\Users\sql_svc\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
登入administrator
Sumit user flag
Sumit root flag
Reference
- 作者:ji3g4gp
- 連結:https://gpblog.vercel.app//article/HTB-Archetype
- 著作權:本文採用 CC BY-NC-SA 4.0 許可協議,轉載請註明出處。