HTB Season 10: Garfield Writeup

HTB Season 10 · 10

garfield is a Windows machine rated hard that focuses on Active Directory environment misconfigurations and over permissions it covers Topics like attribute manipulation, RBCD, RODC, ticket forging, pivoting and tunneling, and more

April 8, 202619 min read

AD HTB Kerberos Windows Hard RBCD constrained-delegation read-only-dc ticket-forging rubeus mimikatz powerview.ps1

Enumeration

starting with nmap enumeration to know what we're dealing with here AD environment or web kinda foothold or mixed machine nmap results with windows are messy and big so I'll just show the results

shell

nmap -sC -sV -vv -oA initial 10.129.25.106 -Pn

and here is what we got DNS, Kerberos, RPC, NetBIOS, LDAP, SMB, kpasswd5, ncacn_http, LDAP GC, RDP, WinRM, mc-nmf (i hope there is some better way to show this maybe i will create a code snippets block that can be collapsed so it doesn'

...

garfield is still Active on HTB
According to HTB Policy, it's unauthorized to share any public write-ups for active machines, but it will be public once the machine retires.
For any hints or discussions, reach out to me X
Good luck !

unlock

notify

Subscribe to the newsletter

Get new posts delivered to your inbox.

Enumeration

Share

Subscribe to the newsletter