Posts

Overwatch Writeup (HackTheBox Medium Machine)

Overview

Overwatch is a medium Windows/Active Directory machine from HackTheBox. This box showcases a couple of interesting vulnerabilities and misconfigurations, so it's definitely worth checking out. We start by discovering an EXE program, which we reverse engineer to find MS SQL credentials. Because of our user's write permissions, we perform ADIDNS poisoning and steal an NTLMv2 hash with Responder. We get remote access to the machine. Once inside, we find an internal SOAP-based web service. We recheck the decompiled code and find a command injection vulnerability. We exploit it and get a shell as the System user.

Nmap scan

Starting with the Nmap scan.

┌──(root㉿kali)-[/home/kali]
└─# nmap -Pn -A -p- overwatch.htb -T5
Starting Nmap 7.98 ( https://nmap.org ) at 2026-01-26 04:27 -0500
Nmap scan report for overwatch.htb (10.129.16.108)
Host is up (0.027s latency).
Not shown: 65516 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
53/tcp open domai...

Enterprise Writeup (TryHackMe Hard Machine)

You just landed in an internal network. You scan the network and there's only the Domain Controller…

Overview

Enterprise is a hard Windows/Active Directory machine from TryHackMe. This room showcases a couple of common misconfigurations and bad practices. We start with deep enumeration. We discover credentials on an SMB share and in a GitHub repo. Then we crack a password obtained through a Kerberoasting attack and get RDP access. Next, we perform post-exploitation enumeration and find an unquoted service path. We deliver our malicious program and get a privileged shell, which we then stabilize by migrating to a stable process.

Nmap scan

Starting with the Nmap scan.

┌──(root㉿kali)-[/home/kali]
└─# nmap -Pn -A -p- enterprise.thm -T5
Starting Nmap 7.98 ( https://nmap.org ) at 2026-03-29 07:20 -0400
Warning: 10.112.140.190 giving up on port because retransmission cap hit (2).
Nmap scan report for enterprise.thm (10.112.140.190)
Host is up (0.023s latency).
Not shown: 65504 ...