VulnNet: Roasted | THM Writeup
Starting with an nmap scan, I found that many ports are open.
From the nmap scan I found that SMB is available, and after some enumeration
I found how to brute-force users and groups by guessing every resource identifier (RID).
For that I used crackmapexec and got some usernames.
Now all I have is some usernames.
So I used GetNPUsers to dump Kerberos creds and got the creds of ‘t-skid’.
Using John I cracked the password.
Now I have a username and a password, so I used SMB and found an interesting file.
I downloaded that to my machine.
By reading the VB script, I got a new username and password.
I have the new credentials, so I checked with secretsdump and got the hash of Administrator.
Using Administrator’s hash I can log in as Administrator and read the root flag.
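From the defender's side, the GetNPUsers step above shows up on the domain controller as a successful TGT request (Security event 4768) with pre-authentication type 0. The following is an added example, not part of the original writeup: the event field names are those of event 4768, while the sample records, account names, addresses and function names are constructed for illustration.

```python
# Constructed sample records using the field names of Windows Security
# event 4768 (Kerberos TGT request); all values are invented for illustration.
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "::ffff:10.0.0.21",
     "Status": "0x0", "PreAuthType": "2", "TicketEncryptionType": "0x12"},
    {"EventID": 4768, "TargetUserName": "svc-legacy", "IpAddress": "::ffff:10.0.0.99",
     "Status": "0x0", "PreAuthType": "0", "TicketEncryptionType": "0x17"},
    {"EventID": 4768, "TargetUserName": "bob", "IpAddress": "::ffff:10.0.0.99",
     "Status": "0x0", "PreAuthType": "0", "TicketEncryptionType": "0x12"},
    {"EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.0.21"},
    {"EventID": 4768, "TargetUserName": "carol", "IpAddress": "::ffff:10.0.0.30",
     "Status": "0x6", "PreAuthType": "-", "TicketEncryptionType": "0xffffffff"},
]
RC4_HMAC = 0x17  # etype 23: replies in this type are the cheapest to crack offline


def normalize_ip(ip):
    """Strip the IPv4-mapped IPv6 prefix that the DC puts in IpAddress."""
    return ip[7:] if ip.lower().startswith("::ffff:") else ip


def find_no_preauth_tgts(events):
    """Return successful TGT requests that were issued without pre-authentication."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4768:
            continue
        if int(ev.get("Status", "0x1"), 16) != 0:
            continue  # a failed request returns no AS-REP material
        if ev.get("PreAuthType") != "0":
            continue
        etype = int(ev["TicketEncryptionType"], 16)
        hits.append({"user": ev["TargetUserName"], "source": normalize_ip(ev["IpAddress"]),
                     "severity": "high" if etype == RC4_HMAC else "medium"})
    return hits


def sources_hitting_many_accounts(hits, threshold=2):
    """Group hits by source; one host requesting several accounts suggests a sweep."""
    by_src = {}
    for h in hits:
        by_src.setdefault(h["source"], set()).add(h["user"])
    return {s: sorted(u) for s, u in by_src.items() if len(u) >= threshold}


if __name__ == "__main__":
    found = find_no_preauth_tgts(SAMPLE_EVENTS)
    print(found, sources_hitting_many_accounts(found))
```

Every account this flags has "Do not require Kerberos preauthentication" set; clearing that flag and giving the account a long random password removes the exposure.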