정리를 하기 전에 다 풀었다…
다음 부터는 풀면서 정리해야겠다.
TASK 1
Which TCP port is hosting a database server?
답 : 1433
TASK 2
What is the name of the non-Administrative share available over SMB?
답 : backups
TASK 3
What is the password identified in the file on the SMB share?
ID : archetype\sql_svc
PW : M3g4c0rp123
답 : M3g4c0rp123
TASK 4
What script from Impacket collection can be used in order to establish an authenticated connection to a Microsoft SQL Server?
구글에 검색해보니 mssqlclient.py를 사용하여 MS SQL에 접속할 수 있다고 한다.
답 : mssqlclient.py
TASK 5
What extended stored procedure of Microsoft SQL Server can be used in order to spawn a Windows command shell?
답 : xp_cmdshell
TASK 6
What script can be used in order to search possible paths to escalate privileges on Windows hosts?
답 : winpeas
TASK 7
What file contains the administrator's password?
https://book.hacktricks.xyz/generic-methodologies-and-resources/shells/windows#powershell
위 주소에서 코드를 얻을 수 있다.
답 : C:\Users\sql_svc\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
SUBMIT FLAG
Submit user flag
답 : 3e7b102e78218e935bf3f4951fec21a3
SUBMIT FLAG
Submit root flag
답 : b91ccec3305e98240082d4474b848528
'HackTheBox' 카테고리의 다른 글
| [HTB] Vaccine (0) | 2023.03.25 |
|---|---|
| [HTB] Oopsie (0) | 2023.03.23 |
| [HTB] Tactics (0) | 2023.03.22 |
| [HTB] Pennyworth (0) | 2023.03.22 |
| [HTB] Funnel (0) | 2023.03.21 |