Hack The Box — Explosion

HTB Tags: #Windows #Network #AccountMisconfiguration.

This is the fourth in the Starting Point series, the first of the non-free VIP boxes, and another MS Windows challenge. This time the focus is on the Remote Desktop Protocol (RDP). So let's start by enumerating as normal with a standard run of ping and nmap.

ping

ping $IP -c 4

nmap

nmap -sC -sV -A $IP -p-

We have a lot to look through and a lot of information to validate. Again, sites such as https://www.speedguide.net/port.php?port=3389 will help to explain the RDP port more thoroughly.

We could look through the Samba ports, but on our initial review of them we got an NT_STATUS_ACCESS_DENIED error during connection. This now directs us to port 3389.

remote desktop protocol

There are a large number of RDP applications available to use, both free and at cost. However, the default Kali build comes with the application xfreerdp. From its Linux man page:

xfreerdp is an X11 Remote Desktop Protocol (RDP) client which is part of the FreeRDP project. An RDP server is built-in to many editions of Windows.

In this case, as we have not found any username:passwords, the login details were provided. Remember these are training challenges, the next ones may not be as easy!

xfreerdp /v:$IP /cert:ignore /u:Administrator

For this terminal command we have:

  • /v: the server hostname (here the target IP)
  • /cert:ignore skips validation of the server's certificate
  • /u: the username, which can include a domain

As already mentioned, we were given Administrator details (no password), so hitting return opened a new remote desktop session:

Closing the initial menu window revealed the flag.txt file on the Desktop, which was opened by double clicking with the mouse.

summary

As much as this is advertised as a very easy challenge, we have been made aware of a new graphical method of exploiting the targets, assuming of course that we have found the username:password combinations.
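
The login above only works when the host lets an account with no password log on over RDP. A host-side audit of the settings involved follows; it is an added example, not part of the original write-up, and it assumes the standard Windows registry values and the built-in Get-LocalUser cmdlet (the page does not state how the box itself was configured).

```powershell
# Added example: host-side audit for blank-password RDP exposure.
# Run in an elevated PowerShell session on the Windows host being checked.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

$report = [pscustomobject]@{
    # fDenyTSConnections = 0 means the host accepts RDP connections.
    RdpEnabled                = (Get-RegValue $ts 'fDenyTSConnections') -eq 0
    # UserAuthentication = 1 means Network Level Authentication is required.
    NlaRequired               = (Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication') -eq 1
    # LimitBlankPasswordUse = 1 (the Windows default) restricts blank-password
    # local accounts to console logon, which blocks them over RDP.
    BlankPasswordsConsoleOnly = (Get-RegValue $lsa 'LimitBlankPasswordUse') -eq 1
}

# Enabled local accounts that are allowed to have no password, or whose
# password has never been set. These are candidates to review, not proof
# that the password is blank.
$weakAccounts = Get-LocalUser | Where-Object {
    $_.Enabled -and (-not $_.PasswordRequired -or $null -eq $_.PasswordLastSet)
} | Select-Object Name, PasswordRequired, PasswordLastSet

$report | Format-List
$weakAccounts | Format-Table -AutoSize

if ($report.RdpEnabled -and -not $report.BlankPasswordsConsoleOnly -and $weakAccounts) {
    Write-Warning 'RDP is enabled and blank-password accounts may log on remotely.'
}
```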


20 + years in an IT environment, working for companies such as Synstar, HP, DXC and Capgemini in a number of different service areas. Now a cyber CTF addict.

James Pearson
