Heist | HackTheBox Writeup


Heist is an easy Windows-based machine on HackTheBox by MinatoTW.

User Part

I started with an nmap scan and found 5 ports open.


135,445: SMB

5985: WinRM


On checking HTTP, I got this website.

On trying with guest login I got this webpage.

Hazard is talking about the Cisco router.

There is an attachment, in that attachment, I got some passwords and usernames.

So I searched Google for a router password decrypter and found a website for decryption.

I got 2 passwords decrypted, the last one shows an error.

So I started hashcat and got the password.
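Cisco IOS configs can hold both type 7 strings, which are obfuscated with a fixed key and decode instantly, and type 5 MD5-crypt hashes, which cannot be decoded and have to be cracked offline. The following is an added example (not from the original writeup) that audits a config for both kinds before it is shared; the sample config, username and hash placeholder are constructed, and `0822455D0A16` is a widely published type 7 test string.

```python
import re

# Fixed key of Cisco IOS "type 7" obfuscation (publicly documented, same on every device).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"
CRED = re.compile(r"\b(?:password|secret)\s+(\d)\s+(\S+)")

def type7_decode(enc):
    """Reverse type 7: two decimal digits give the key offset, the rest is hex XORed with XLAT."""
    seed, raw = int(enc[:2]), bytes.fromhex(enc[2:])
    return "".join(chr(b ^ XLAT[(seed + i) % len(XLAT)]) for i, b in enumerate(raw))

def audit_config(text):
    """Return (line_no, type, verdict, recovered) for each typed credential in the config."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = CRED.search(line)
        if not m:
            continue
        ctype, value = int(m.group(1)), m.group(2)
        if ctype == 7:
            try:
                findings.append((no, 7, "reversible", type7_decode(value)))
            except ValueError:  # non-numeric offset or bad hex
                findings.append((no, 7, "malformed", None))
        elif ctype == 5:
            findings.append((no, 5, "md5crypt hash", None))
        elif ctype == 0:
            findings.append((no, 0, "plaintext", value))
        else:
            findings.append((no, ctype, "other", None))
    return findings

# Constructed sample config; the type 5 value is a placeholder, not a real hash.
SAMPLE = """\
version 12.2
service password-encryption
enable secret 5 $1$SALT$CONSTRUCTEDPLACEHOLDERHASH
username netadmin password 7 0822455D0A16
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```

Any line reported as `reversible` or `plaintext` should be treated as a disclosed credential and rotated; `service password-encryption` only applies type 7 and does not protect the value.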

Now I have some usernames and passwords, as shown below.

I used crackmapexec for SMB brute-forcing and got the password of the Hazard user.

Then I used "--rid-brute" for brute-forcing users using Resource Identifier (RID) brute-forcing.

I got the usernames Jason and Chase.

Now I brute-forced SMB using crackmapexec and found a valid password for Chase.

I used WinRM to log in and got the user flag.

Root Part

On checking processes, I found that Firefox is running.

I uploaded procdump and dumped the Firefox data to a zip file.

It is about 300MB and I used Metasploit for downloading.

On searching the strings for password and admin, I got a password.

I used that to log in and got the root flag.

