VulnNet: Roasted | THM Writeup


VulnNet: Roasted is an easy Windows-based machine on TryHackMe by TheCyb3rW0lf.

User Part

Starting with an nmap scan, I found that many ports are open.

From the nmap scan I found that SMB is available, and after some enumeration I found how to brute-force users and groups by guessing every resource identifier (RID).

For that I used crackmapexec and I got some usernames.

Now all I have is some usernames.

So I used GetNPUsers for dumping Kerberos creds and I got the creds of ‘t-skid’.

Using John I cracked the password.
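The GetNPUsers step above seen from the defender's side, as an added example that is not part of the original writeup: a domain controller logs Security event 4768 with Pre-Authentication Type 0 when it issues a TGT without pre-authentication, and this sketch flags those events and the sources requesting them for several accounts. The JSON export layout, the sample events, and every user and address except ‘t-skid’ are constructed.

```python
import json
from collections import defaultdict

# Constructed sample: Security event 4768 records exported as JSON lines (layout assumed).
SAMPLE_EVENTS = """\
{"EventID": 4768, "TargetUserName": "t-skid", "PreAuthType": "0", "TicketEncryptionType": "0x17", "Status": "0x0", "IpAddress": "::ffff:10.0.0.50"}
{"EventID": 4768, "TargetUserName": "a-user", "PreAuthType": "2", "TicketEncryptionType": "0x12", "Status": "0x0", "IpAddress": "::ffff:10.0.0.21"}
{"EventID": 4768, "TargetUserName": "b-user", "PreAuthType": "0", "TicketEncryptionType": "0x17", "Status": "0x0", "IpAddress": "::ffff:10.0.0.50"}
{"EventID": 4768, "TargetUserName": "c-user", "PreAuthType": "0", "TicketEncryptionType": "0x12", "Status": "0x6", "IpAddress": "::ffff:10.0.0.50"}
{"EventID": 4624, "TargetUserName": "a-user", "IpAddress": "10.0.0.21"}
"""

RC4_HMAC = "0x17"  # RC4 replies are the cheapest to crack offline


def find_asrep_candidates(lines):
    """Return {source_ip: [(user, etype, is_rc4), ...]} for TGTs issued without pre-auth."""
    hits = defaultdict(list)
    for line in lines.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated export lines
        if ev.get("EventID") != 4768:
            continue
        if str(ev.get("PreAuthType")) != "0":
            continue  # pre-authentication was performed
        if str(ev.get("Status", "")).lower() != "0x0":
            continue  # non-zero Status: no ticket was issued
        ip = str(ev.get("IpAddress", "")).replace("::ffff:", "")
        etype = str(ev.get("TicketEncryptionType", "")).lower()
        hits[ip].append((ev.get("TargetUserName"), etype, etype == RC4_HMAC))
    return dict(hits)


def noisy_sources(hits, threshold=2):
    """Sources that obtained no-pre-auth TGTs for at least `threshold` distinct accounts."""
    return sorted(ip for ip, rows in hits.items()
                  if len({user for user, _, _ in rows}) >= threshold)


if __name__ == "__main__":
    found = find_asrep_candidates(SAMPLE_EVENTS)
    for ip, rows in found.items():
        print(ip, rows)
    print("review first:", noisy_sources(found))
```

Any account that shows up here has "Do not require Kerberos preauthentication" set; clearing that flag removes the exposure.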

Now I have a username and a password, so I used SMB and found an interesting file.

I downloaded that to my machine.

By reading the VB script, I got a new username and password.

Root Part

With the new credentials, I checked with secretsdump and got the hash of Administrator.

Using Administrator’s hash I can log in as Administrator and read the root flag.

