Support HackTheBox

Difficulty = Easy

IP Address = 10.129.159.23

Nmap Scan

# Nmap 7.92 scan initiated Thu Dec 15 21:50:23 2022 as: nmap -sCV -p53,88,135,139,389,445,464,593,636,3268,3269,5985,9389 -oN nmapscan -Pn 10.10.11.174
Nmap scan report for 10.10.11.174
Host is up (0.20s latency).

PORT     STATE SERVICE       VERSION
53/tcp   open  domain        Simple DNS Plus
88/tcp   open  kerberos-sec  Microsoft Windows Kerberos (server time: 2022-12-15 20:50:31Z)
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
389/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: support.htb0., Site: Default-First-Site-Name)
445/tcp  open  microsoft-ds?
464/tcp  open  kpasswd5?
593/tcp  open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp  open  tcpwrapped
3268/tcp open  ldap          Microsoft Windows Active Directory LDAP (Domain: support.htb0., Site: Default-First-Site-Name)
3269/tcp open  tcpwrapped
5985/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
9389/tcp open  mc-nmf        .NET Message Framing
Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: -1s
| smb2-time: 
|   date: 2022-12-15T20:50:42
|_  start_date: N/A
| smb2-security-mode: 
|   3.1.1: 
|_    Message signing enabled and required

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Dec 15 21:51:23 2022 -- 1 IP address (1 host up) scanned in 59.85 seconds

From the scan we can tell this is a windows AD environment

I’ll add the domain to my /etc/hosts file

└─$ cat /etc/hosts | grep supp
10.129.159.23   support.htb

Time to start enumerating

SMB Enumeration

```