laokoon

2023-11-24 17:54:35 +01:00
parent adf3a00bd7
commit eaec057bb1
138 changed files with 6861 additions and 0 deletions
--- a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/enum4linux.txt
+++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/enum4linux.txt
@@ -0,0 +1,139 @@
+Starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sat Oct 28 14:27:53 2023
+
+[34m =========================================( [0m[32mTarget Information[0m[34m )=========================================
+
+[0mTarget ........... 10.129.243.131
+RID Range ........ 500-550,1000-1050
+Username ......... ''
+Password ......... ''
+Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
+
+
+[34m ===========================( [0m[32mEnumerating Workgroup/Domain on 10.129.243.131[0m[34m )===========================
+
+[0m[33m
+[E] [0m[31mCan't find workgroup/domain
+
+[0m
+
+[34m ===============================( [0m[32mNbtstat Information for 10.129.243.131[0m[34m )===============================
+
+[0mLooking up status of 10.129.243.131
+No reply from 10.129.243.131
+
+[34m ==================================( [0m[32mSession Check on 10.129.243.131[0m[34m )==================================
+
+[0m[33m
+[+] [0m[32mServer 10.129.243.131 allows sessions using username '', password ''
+
+[0m
+[34m ==========================( [0m[32mGetting information via LDAP for 10.129.243.131[0m[34m )==========================
+
+[0m[33m
+[+] [0m[32m10.129.243.131 appears to be a child DC
+
+[0m
+[34m ===============================( [0m[32mGetting domain SID for 10.129.243.131[0m[34m )===============================
+
+[0mDomain Name: MEGACORP
+Domain Sid: S-1-5-21-855300830-391258870-456067225
+[33m
+[+] [0m[32mHost is part of a domain (not a workgroup)
+
+[0m
+[34m ==================================( [0m[32mOS information on 10.129.243.131[0m[34m )==================================
+
+[0m[33m
+[E] [0m[31mCan't get OS info with smbclient
+
+[0m[33m
+[+] [0m[32mGot OS info for 10.129.243.131 from srvinfo:
+[0mdo_cmd: Could not initialise srvsvc. Error was NT_STATUS_ACCESS_DENIED
+
+
+[34m ======================================( [0m[32mUsers on 10.129.243.131[0m[34m )======================================
+
+[0m[33m
+[E] [0m[31mCouldn't find users using querydispinfo: NT_STATUS_ACCESS_DENIED
+
+[0m
+[33m
+[E] [0m[31mCouldn't find users using enumdomusers: NT_STATUS_ACCESS_DENIED
+
+[0m
+[34m ===============================( [0m[32mMachine Enumeration on 10.129.243.131[0m[34m )===============================
+
+[0m[33m
+[E] [0m[31mNot implemented in this version of enum4linux.
+
+[0m
+[34m ================================( [0m[32mShare Enumeration on 10.129.243.131[0m[34m )================================
+
+[0mdo_connect: Connection to 10.129.243.131 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
+
+	Sharename       Type      Comment
+	---------       ----      -------
+Reconnecting with SMB1 for workgroup listing.
+Unable to connect with SMB1 -- no workgroup available
+[33m
+[+] [0m[32mAttempting to map shares on 10.129.243.131
+
+[0m
+[34m ===========================( [0m[32mPassword Policy Information for 10.129.243.131[0m[34m )===========================
+
+[0m[33m
+[E] [0m[31mUnexpected error from polenum:
+
+[0m
+
+[+] Attaching to 10.129.243.131 using a NULL share
+
+[+] Trying protocol 139/SMB...
+
+	[!] Protocol failed: Cannot request session (Called Name:10.129.243.131)
+
+[+] Trying protocol 445/SMB...
+
+	[!] Protocol failed: SAMR SessionError: code: 0xc0000022 - STATUS_ACCESS_DENIED - {Access Denied} A process has requested access to an object but has not been granted those access rights.
+
+
+[33m
+[E] [0m[31mFailed to get password policy with rpcclient
+
+[0m
+
+[34m ======================================( [0m[32mGroups on 10.129.243.131[0m[34m )======================================
+
+[0m[33m
+[+] [0m[32mGetting builtin groups:
+
+[0m[33m
+[+] [0m[32m Getting builtin group memberships:
+
+[0m[33m
+[+] [0m[32m Getting local groups:
+
+[0m[33m
+[+] [0m[32m Getting local group memberships:
+
+[0m[33m
+[+] [0m[32m Getting domain groups:
+
+[0m[33m
+[+] [0m[32m Getting domain group memberships:
+
+[0m
+[34m =================( [0m[32mUsers on 10.129.243.131 via RID cycling (RIDS: 500-550,1000-1050)[0m[34m )=================
+
+[0m[33m
+[E] [0m[31mCouldn't get SID: NT_STATUS_ACCESS_DENIED.  RID cycling not possible.
+
+[0m
+[34m ==============================( [0m[32mGetting printer info for 10.129.243.131[0m[34m )==============================
+
+[0mdo_cmd: Could not initialise spoolss. Error was NT_STATUS_ACCESS_DENIED
+
+
+enum4linux complete on Sat Oct 28 14:28:33 2023
+
+
--- a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/nbtscan.txt
+++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/nbtscan.txt
@@ -0,0 +1,3 @@
+Doing NBT name scan for addresses from 10.129.243.131
+
+
--- a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbclient.txt
+++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbclient.txt
@@ -0,0 +1,8 @@
+do_connect: Connection to 10.129.243.131 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
+Anonymous login successful
+
+	Sharename       Type      Comment
+	---------       ----      -------
+Reconnecting with SMB1 for workgroup listing.
+Unable to connect with SMB1 -- no workgroup available
+
--- a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-execute-command.txt
+++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-execute-command.txt
@@ -0,0 +1,3 @@
+[!] RPC Authentication error occurred
+[!] Authentication error on 10.129.243.131
+
--- a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-list-contents.txt
+++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-list-contents.txt
@@ -0,0 +1,3 @@
+[!] RPC Authentication error occurred
+[!] Authentication error on 10.129.243.131
+
--- a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-share-permissions.txt
+++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-share-permissions.txt
@@ -0,0 +1,3 @@
+[!] RPC Authentication error occurred
+[!] Authentication error on 10.129.243.131
+
--- a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt
+++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt
@@ -0,0 +1,22 @@
+# Nmap 7.93 scan initiated Sat Oct 28 14:27:53 2023 as: nmap -vv --reason -Pn -T4 -sV -p 139 "--script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml 10.129.243.131
+Nmap scan report for megacorp.htb (10.129.243.131)
+Host is up, received user-set (0.036s latency).
+Scanned at 2023-10-28 14:27:57 CEST for 41s
+
+PORT    STATE SERVICE     REASON          VERSION
+139/tcp open  netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn
+|_smb-enum-services: ERROR: Script execution failed (use -d to debug)
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+|_smb2-time: ERROR: Script execution failed (use -d to debug)
+|_smb-protocols: No dialects accepted. Something may be blocking the responses
+|_smb2-security-mode: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
+|_smb-mbenum: ERROR: Script execution failed (use -d to debug)
+|_smb2-capabilities: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
+|_smb-vuln-ms10-061: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
+|_smb-print-text: false
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sat Oct 28 14:28:38 2023 -- 1 IP address (1 host up) scanned in 45.20 seconds
--- a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml
+++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Sat Oct 28 14:27:53 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 139 &quot;-&#45;script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml 10.129.243.131 -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 139 &quot;-&#45;script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml 10.129.243.131" start="1698496073" startstr="Sat Oct 28 14:27:53 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="139"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1698496077"/>
+<taskend task="NSE" time="1698496077"/>
+<taskbegin task="NSE" time="1698496077"/>
+<taskend task="NSE" time="1698496077"/>
+<taskbegin task="NSE" time="1698496077"/>
+<taskend task="NSE" time="1698496077"/>
+<taskbegin task="SYN Stealth Scan" time="1698496077"/>
+<taskend task="SYN Stealth Scan" time="1698496077" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1698496077"/>
+<taskend task="Service scan" time="1698496084" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1698496084"/>
+<taskprogress task="NSE" time="1698496115" percent="97.14" remaining="1" etc="1698496116"/>
+<taskend task="NSE" time="1698496116"/>
+<taskbegin task="NSE" time="1698496116"/>
+<taskend task="NSE" time="1698496118"/>
+<taskbegin task="NSE" time="1698496118"/>
+<taskend task="NSE" time="1698496118"/>
+<host starttime="1698496077" endtime="1698496118"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.243.131" addrtype="ipv4"/>
+<hostnames>
+<hostname name="megacorp.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="netbios-ssn" product="Microsoft Windows netbios-ssn" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="smb-enum-services" output="ERROR: Script execution failed (use -d to debug)"/></port>
+</ports>
+<hostscript><script id="smb2-time" output="ERROR: Script execution failed (use -d to debug)"/><script id="smb-protocols" output="No dialects accepted. Something may be blocking the responses"/><script id="smb2-security-mode" output="SMB: Couldn&apos;t find a NetBIOS name that works for the server. Sorry!">false</script><script id="smb-mbenum" output="ERROR: Script execution failed (use -d to debug)"/><script id="smb2-capabilities" output="SMB: Couldn&apos;t find a NetBIOS name that works for the server. Sorry!">false</script><script id="smb-vuln-ms10-061" output="SMB: Couldn&apos;t find a NetBIOS name that works for the server. Sorry!">false</script><script id="smb-print-text" output="false">false</script></hostscript><times srtt="35989" rttvar="35989" to="179945"/>
+</host>
+<taskbegin task="NSE" time="1698496118"/>
+<taskend task="NSE" time="1698496118"/>
+<taskbegin task="NSE" time="1698496118"/>
+<taskend task="NSE" time="1698496118"/>
+<taskbegin task="NSE" time="1698496118"/>
+<taskend task="NSE" time="1698496118"/>
+<runstats><finished time="1698496118" timestr="Sat Oct 28 14:28:38 2023" summary="Nmap done at Sat Oct 28 14:28:38 2023; 1 IP address (1 host up) scanned in 45.20 seconds" elapsed="45.20" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>
				`@@ -0,0 +1,3 @@`
				`Doing NBT name scan for addresses from 10.129.243.131`