🛑
This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Initial Foothold Hint:
- This is a domain controller. What services might allow you to enumerate usernames? Are there any misconfigured users (e.g. common AD user misconfigurations)?
- This box is going to require a client application for one of the services
- If you can't find a login for the server, why don't you create one?
- Once logged in, do you see any interesting data? Any way to export interesting data? Did you really export all of the interesting data (e.g. think phonebook).
- What more can you enumerate from a domain controller if you have a credential?
- Are there any users in any interesting AD groups?
Privilege Escalation Hint:
- What services are running internally behind the firewall?
- Any CVEs that you could exploit to move higher in the system?
