Writeups for HacktheBox machines and challenges written in Spanish or English.
Starting with Mazro 2020, HTB flags are dynamic and different for each user, making it difficult to use this flag. So, I have chosen to use the full hash of root. Therefore you need to have obtained the root flag.
cat /etc/shadow
Text that you need to get the hash
root:$6$vb1tLY1qiY$M.1ZCqKtJBxBtZm1gRi8Bbkn39KU0YJW1cuMFzTRANcNKFKR4RmAQVk4rqQQCkaJT6wXqjUkFcA/qNxLyqW.U/:15405:0:99999:7:::
Obtain the hash
echo root:$6$vb1tLY1qiY$M.1ZCqKtJBxBtZm1gRi8Bbkn39KU0YJW1cuMFzTRANcNKFKR4RmAQVk4rqQQCkaJT6wXqjUkFcA/qNxLyqW.U/:15405:0:99999:7::: | md5sum
Output 151f66db48c6cc1f58c8c20bfc8e705d
Password
The output is the password for the wirte up
With the use of mimikatz we launch the following command to obtain the hash
./mimikatz.exe "lsadump::dcsync /user:administrator"
And in the final part we will use the one that says NTLM
Credentials: Hash NTLM: f9485863c1e9e05851ab40cbb5ab9dff
Just copy and paste into the PDF to unlock it !!
I hope you find them useful. In case of advice, feel free to contact me.
Write ups for retired machines following a manual testing approach without the use of automated tools.
- Magic
- Released on 18th April 2020
- OS: Linux
- Blunder
- Released on 30th May 2020
- OS: Linux
- Adminer
- Released on 2nd May 2020
- OS: Linux
- Legacy
- Released on 15th March 2020
- OS: Windows
- Tags: SMB, eternalblue, MS08-067, MS17-010