Today's box is going to be Sauna. I finally got to use hashcat to actually crack a password, so that was nice.
This morning I woke up to some great personal news that I was being invited to a 72-hour hacking challenge as part of a technical interview for an Ethical Hacker (SQUEE!). Part of the challenge there isn't just the hacking, but also putting forth some excellent reports detailing the hacks, similar to what the job would entail towards a customer. So over the next few days I will be focusing in on the Reporting a little more to help prepare for this.
So you will have to forgive today's writeup, as there will be less on the website itself, but more in the report itself.
In short, this Windows Server was serving dual purpose as both a Web Server, and LDAP Server. The lesson here is to separate and segragate your public facing servers (like web) from your internal/protected servers, like LDAP.
In this box, I *FINALLY* got a chance to use hashcat to brute-force a hashed password we were able to extract using built-in LDAP functions, and from that initial foothold, we were able to further abuse LDAP (and an auto-login service account) to gain full Admin acces. There was a lot more to the LDAP/Windows/Domain stuff than I have ever really dove in to, so there was a lot of learning involved in this one.
The report should have a whole lot more details on my thought process, as well as the commands I ran and their output.