Archetype Walkthrough Video 😀
Personal blog address
Help Desk
Before reading through my long, long article, there are some things you should know first.
- I included all my thought process, so the article is very long. But I think telling you guys what's going through my mind is really important, since why is more valuable than how.
- All the thought process will be in bold and italic.
- Side notes are wrapped between side-note titles; ignore them if you don't want extra knowledge 😄
- If you are just looking for a solution, go directly to my video; it's slate clean with every step demonstrated.
HTB-Archetype
An article accompanied by a video makes a perfect learning experience.
Today, I am delivering this write-up of the first-ever machine that I am going to hack.
I am what people call a noob! I don't know anything. I am a completely empty glass. So I will be logging each and every move that I make during the whole journey, until I am really, really stuck; then I am going to check out some walkthroughs written by others.
As we go along, the hacking process will become more and more systematic. I will form my own workflow for dealing with different kinds of problems. And that's good. Things are on the go and getting better and better.
I will also record a video, but the video is a redo, which means it will not contain any of the thought process, so it’s clean and time-saving.
Let’s get started.
Set up
The victim machine is at IP address 10.10.10.27.
By the way, HTB needs you to set up a VPN to connect to its machines; refer to their tutorial, it's quite clear.
First things first - Nmap
I recall from my first lesson, everything starts with nmap, to list open ports and run some system scripts to find potential vulnerabilities.
Let’s do it.
Nmap result here:
# Nmap 7.80 scan initiated Wed Apr 15 00:56:39 2020 as: nmap -sC -sV -p135,139,445,1433,5985,14803,47001,49664,49665,49666,49667,49668,49669 -o nmap.txt 10.10.10.27
Nmap scan report for 10.10.10.27
Host is up (0.25s latency).
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows Server 2019 Standard 17763 microsoft-ds
1433/tcp open ms-sql-s Microsoft SQL Server 2017 14.00.1000.00; RTM
| ms-sql-ntlm-info:
| Target_Name: ARCHETYPE
| NetBIOS_Domain_Name: ARCHETYPE
| NetBIOS_Computer_Name: ARCHETYPE
| DNS_Domain_Name: Archetype
| DNS_Computer_Name: Archetype
|_ Product_Version: 10.0.17763
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Not valid before: 2020-04-15T02:23:29
|_Not valid after: 2050-04-15T02:23:29
|_ssl-date: 2020-04-15T05:12:26+00:00; +13m51s from scanner time.
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
14803/tcp closed unknown
47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open unknown
49666/tcp open unknown
49667/tcp open unknown
49668/tcp open unknown
49669/tcp open msrpc Microsoft Windows RPC
Service Info: OSs: Windows, Windows Server 2008 R2 - 2012; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: 1h37m50s, deviation: 3h07m51s, median: 13m50s
| ms-sql-info:
| 10.10.10.27:1433:
| Version:
| name: Microsoft SQL Server 2017 RTM
| number: 14.00.1000.00
| Product: Microsoft SQL Server 2017
| Service