HTB_Explosion - meruneru/tech_memo GitHub Wiki
イントロのマシン
#RDP のマシン。
What is the name of the tool that we can use to initiate a desktop projection to our host using the terminal?
#xfreedp というソフトらしい。
#ポート3389 は、WindowsのRDPサービス
┌─[✗]─[htb-meruneru@htb-4ygdk8b8dx]─[~]
└──╼ $nmap -sV -sC -Pn 10.129.185.113
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-12 14:15 UTC
Nmap scan report for 10.129.185.113
Host is up (0.077s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
3389/tcp open ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
| Target_Name: EXPLOSION
| NetBIOS_Domain_Name: EXPLOSION
| NetBIOS_Computer_Name: EXPLOSION
| DNS_Domain_Name: Explosion
| DNS_Computer_Name: Explosion
| Product_Version: 10.0.17763
|_ System_Time: 2021-11-12T14:25:26+00:00
| ssl-cert: Subject: commonName=Explosion
| Not valid before: 2021-09-20T16:22:34
|_Not valid after: 2022-03-22T16:22:34
|_ssl-date: 2021-11-12T14:25:34+00:00; +10m07s from scanner time.
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: 10m06s, deviation: 0s, median: 10m06s
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2021-11-12T14:25:27
|_ start_date: N/A
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.91 seconds
Administratorとして、RDPでログインできる。 下記コマンドでWindows画面が出てきてflag.txtがある。
┌─[htb-meruneru@htb-4ygdk8b8dx]─[~]
└──╼ $xfreerdp /v:10.129.185.113 /cert:ignore /u:Administrator