This article provides a detailed walkthrough of the “Escape” machine on Hack The Box, focusing on Active Directory enumeration techniques and exploitation methods. The author shares insights gained from the experience, including working with Kerberos, NTLM, and Certificate Authority. Affected: Hack The Box
Key points:
- The box “Escape” is rated Medium and is the author’s first Active Directory machine.
- Key techniques learned include Active Directory Enumeration, Kerberos, Certificate Authority, and NTLM Enumeration.
- Nmap was used to identify open ports and services on the target machine.
- SMB shares were enumerated to find accessible files, leading to the discovery of MSSQL credentials.
- Privilege escalation was achieved through the exploitation of a vulnerable certificate template.
MITRE Techniques:
- TA0001 – Initial Access: Exploited SMB shares to gain access to the machine.
- TA0007 – Discovery: Used Nmap for service enumeration and SMB for share discovery.
- TA0008 – Lateral Movement: Utilized Evil-WinRM to move laterally within the network.
- TA0011 – Command and Control: Used Rubeus to request credentials from the target.
- TA0040 – Impact: Achieved privilege escalation through certificate manipulation.
Indicators of Compromise:
- [domain] sequel.htb
- [ip] 10.129.170.66
- [file name] SQL Server Procedures.pdf
- [tool name] Rubeus.exe
- [tool name] Certify.exe
- Check the article for all found IoCs.
Full Research: https://medium.com/@0xBahalaNa/hack-the-box-escape-c113fc64b5e8?source=rss——cybersecurity-5