Heist | HackTheBox Writeup
I started with an nmap scan and found 5 ports open.
On checking HTTP, I got this website.
On trying with guest login I got this webpage.
Hazard is talking about the Cisco router.
There is an attachment, in that attachment, I got some passwords and usernames.
So I searched Google for a router password decrypter and found a website for decryption.
I got 2 passwords decrypted, the last one shows an error.
So I started hashcat and got the password.
Now I have some usernames and passwords, as shown below.
I used crackmapexec for SMB brute-forcing and got the password of the Hazard user.
Then I used "--rid-brute" to find users by brute-forcing Resource Identifiers (RIDs).
I got the usernames Jason and Chase.
Next I brute-forced SMB using crackmapexec and found a valid password for Chase.
I used WinRM to log in and got the user flag.
On checking processes, I found that Firefox was running.
I uploaded procdump and dumped the Firefox data to a zip file.
It is about 300MB and I used Metasploit for downloading.
On searching the strings for password and admin, I got a password.
I used that to log in and got the root flag.