wks rohan - samuel-richardson/Sam-Tech-Journal GitHub Wiki
Target overview
| Hostname | IP | Ports |
|---|---|---|
| wks-rohan | 10.0.6.205 | TCP: 22, 135, 139, 445, 3389, 5040 |
Improper Password Policy
Description
An improper password policy allows passwords to be reused between accounts and machines. The risk increases further when password complexity is low, because weak passwords can be brute-forced or cracked from hashes.
Severity: Critical
Remediation
To improve the password policy, passwords should not be shared between accounts at different access levels. The user account on one machine should not share the admin password of another. Furthermore, passwords should be subject to length and character-complexity requirements so that they are not easily guessed with standard wordlists or password guessers.
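One way to audit for the reuse described above, as an added example that is not part of the original wiki page. It assumes an exported inventory of unsalted NT hashes per account, where identical hashes mean identical passwords; the inventory layout, tier labels, the `eowyn` and `eomer` accounts and all hash values are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: (host, account, access tier, unsalted NT hash as hex).
# Hash values are placeholders, not real hashes.
INVENTORY = [
    ("shadowfax", "theoden",     "user",  "11" * 16),
    ("wks-rohan", "theoden-adm", "admin", "11" * 16),
    ("wks-rohan", "eowyn",       "user",  "22" * 16),
    ("shadowfax", "eomer",       "user",  "33" * 16),
    ("wks-rohan", "eomer",       "user",  "33" * 16),
]


def find_reuse(inventory):
    """Return one finding per password hash shared by two or more entries.

    Reuse that spans access tiers (for example a user account and an admin
    account) is rated critical, because compromising the lower-tier account
    yields the higher-tier credential. Reuse within one tier is rated medium.
    """
    by_hash = defaultdict(list)
    for host, account, tier, nt_hash in inventory:
        # Normalise case so "AB.." and "ab.." compare as the same hash.
        by_hash[nt_hash.lower()].append((host, account, tier))

    findings = []
    for entries in by_hash.values():
        if len(entries) < 2:
            continue  # unique password, nothing to report
        tiers = {tier for _, _, tier in entries}
        severity = "critical" if len(tiers) > 1 else "medium"
        findings.append({"severity": severity, "entries": sorted(entries)})

    # "critical" sorts before "medium", so the worst findings come first.
    return sorted(findings, key=lambda f: (f["severity"], f["entries"]))


if __name__ == "__main__":
    for finding in find_reuse(INVENTORY):
        print(finding["severity"].upper())
        for host, account, tier in finding["entries"]:
            print(f"  {host}\\{account} ({tier})")
```

The hash itself is deliberately left out of the findings so the report can be shared without exposing credential material.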
Proof of Concept
Port scan of 10.0.6.205.
The Theoden user password was cracked from Shadowfax, which was previously exploited.
Create a tunnel for RDP traffic on port 3389.
Use the theoden password to log in to the theoden-adm account via RDP.
wks-rohan root-flag.txt
wks-rohan user-flag.txt