![](/style/images/good.png)
4
![](/style/images/bad.png)
HackTheBox Escape [Net-NTLMv2 + ADCS + PTH + Silver Ticket]
source link: https://fdlucifer.github.io/2023/06/18/escape/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
HackTheBox Escape [Net-NTLMv2 + ADCS + PTH + Silver Ticket]
本文是medium难度的HTB Escape机器的域渗透部分,其中Net-NTLMv2, ADCS, PTH, Silver Ticket等域渗透细节是此box的特色,主要参考0xdf’s blog Escape walkthrough和HTB’s official Escape walkthrough记录这篇博客加深记忆和理解,及供后续做深入研究查阅,备忘。
nmap -p- --min-rate 10000 10.10.11.202
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
1433/tcp open ms-sql-s
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
5985/tcp open wsman
9389/tcp open adws
49668/tcp open unknown
49691/tcp open unknown
49692/tcp open unknown
49708/tcp open unknown
49712/tcp open unknown
63474/tcp open unknown
Reference Sources
Buy me a coffee
- Post author: fdvoid0
- Post link: https://fdlucifer.github.io/2023/06/18/escape/
- Copyright Notice: All articles in this blog are licensed under BY-NC-SA unless stating additionally.
Welcome to my other publishing channels
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK