?

Administrator HTB - Writeup

this was MUCH easier than i thought it was, just goes to show... bloodhound is really quite powerful!

you get the creds to the box instantly and can use winrm to access a shell as olivia, where you can then use sharphound and collect

h

here are all the users of the domain - we have olivia, who has GenericAll rights on michael

h

just change the password of michael:

h

michael's able to change benjamin's password

h

h

who can access a FTP file:

h

which contains a pwsafe file that can be cracked!

h

h

now we can access emily and get the user flag

h

to get to admin, we have to get to ethan first, who we can kerberoast

h

h

ethan is able to dcsync into admin:

h

so, just secrets-dump and grab the hash:

h

h