Bastion | HTB Writeup

Overview

Bastion is a easy windows machine in HackTheBox by L4mpje

User Part

Start with Nmap scan found 4 ports are open

22:SSH

135:RPC

139,445:SMB

I used smbmap to view, which all shares are accessible.

I can read & write in Backups share. 

In that share, I got a note.txt file.

I downloaded that,In that it tells that “don’t transfer entire backup in locally”

So i started to check backup files and I got 2 virtual machine files.

I chose the file which has large size for further testing

Then I searched for how to mount the vhd file and I got this in StackOverflow.

I used this method and I got the folders. 

After some enumerations, I found the 2 important files which are SAM and SYSTEM files are accessible.

I used secretdump to get hash from the file.

I used crackstation to crack the password, Because I need to find the password for SSH.

I got the password of the l4mpje user.

Using that credentials I can log in to SSH and I got the user flag.

Root Part

Then I checked for the programs which all are installed and got the mRemoteNG program.

I just checked whether any exploits are available or not and I got an exploit.

In that, they mentioned a path to the confCons.xml file.

Also, they mentioned a repository for the python script.

As mentioned in that blog, I checked for the file and by reading that file I got a password.

And using the python script I decrypted the password hash.

That was the password for Administrator and I got the root flag.

Share on facebook
Share on twitter
Share on linkedin