Eighteen

#windows #easy

https://app.hackthebox.com/machines/Eighteen

sudo nmap -p- --open -sS --min-rate 5000 -Pn -n -vv 10.10.11.95 -oA openPorts

PORT     STATE SERVICE  REASON
80/tcp   open  http     syn-ack ttl 127
1433/tcp open  ms-sql-s syn-ack ttl 127
5985/tcp open  wsman    syn-ack ttl 127

nmap -p 80,1433,5985 -sCV -Pn -n -vv 10.10.11.95 -oA targeted

PORT     STATE SERVICE  REASON  VERSION
80/tcp   open  http     syn-ack Microsoft IIS httpd 10.0
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to http://eighteen.htb/
|_http-server-header: Microsoft-IIS/10.0
1433/tcp open  ms-sql-s syn-ack Microsoft SQL Server 2022 16.00.1000.00; RTM
| ms-sql-info: 
|   10.10.11.95:1433: 
|     Version: 
|       name: Microsoft SQL Server 2022 RTM
|       number: 16.00.1000.00
|       Product: Microsoft SQL Server 2022
|       Service pack level: RTM
|       Post-SP patches applied: false
|_    TCP port: 1433
| ms-sql-ntlm-info: 
|   10.10.11.95:1433: 
|     Target_Name: EIGHTEEN
|     NetBIOS_Domain_Name: EIGHTEEN
|     NetBIOS_Computer_Name: DC01
|     DNS_Domain_Name: eighteen.htb
|     DNS_Computer_Name: DC01.eighteen.htb
|     DNS_Tree_Name: eighteen.htb
|_    Product_Version: 10.0.26100
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Issuer: commonName=SSL_Self_Signed_Fallback
| Public Key type: rsa
| Public Key bits: 3072
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-11-23T00:22:27
| Not valid after:  2055-11-23T00:22:27
| MD5:     052b c704 cb85 b585 c0c7 7074 3389 addf
| SHA-1:   c585 0ad2 5ef3 9801 fd2e 4907 652e 1e77 9fc0 18f4
| SHA-256: f2e2 7fcf a6f5 1756 4726 9826 dc31 0cbe 8455 fc47 a69f 8e95 f1d7 9fdb 95b7 f14c
| -----BEGIN CERTIFICATE-----
| MIIEADCCAmigAwIBAgIQOgfiuqR97IVNdofQJ9jTlTANBgkqhkiG9w0BAQsFADA7
| MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA
| bABsAGIAYQBjAGswIBcNMjUxMTIzMDAyMjI3WhgPMjA1NTExMjMwMDIyMjdaMDsx
| OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs
| AGwAYgBhAGMAazCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALYTTVBb
| PeQL1gY057KZBT6oE8BULBIBh7J9c0VdHm7EiSyPjhZcbEKaRsdkhsGi8G9R1FPF
| zfMkDm3wwyMYuhUN0S8J3RQdpUBeDjeTgjLKuxWoEjEacnVudFGxp5peHDwsehi+
| VpOZpOKMx5mAoyfSU/lFA/lwwSsD5FF8ULkk7A7OOgYV2N0gsrg75ZnBwkpYQzk1
| u8LxFhaCOq5XBVpxhlUZyysYn+dqS2lMqO2P6p16gEdknZFGtnyYUBgJ1YBTddle
| Zxkr4Rs7gIykq/BdvemR0CGs0oEXsNcshkp7sV6Yi8BIv8f/PZykaOsWBwxxlH6k
| f1/V7XFvw4D8/BJXLi3yIJs8MU5oPjktfRmjZHXGG8yAcOtOJs35XOVAwE2LGDRg
| 0M2qOGiUnanRnwcoEzNt4BqTuNgYAd0PGhw5YPwiiTck7WAbmNO/A5ZRDAwPkD6w
| NGQaoYDAXiiyjMc8gwjEonSHHVP3fDzZMgPRHEG3D4+w+RlRcTEm/KVIpQIDAQAB
| MA0GCSqGSIb3DQEBCwUAA4IBgQBEcohPwFgqkEUKytFIa3IHVX9ziMj4FbadxnmQ
| sGoD4YuWzLfoHE/LIFf53sG6HJ+b2amFExvX7LPXEbfyO7JrnZKpTiuCNGHzwKHr
| jvO+caDrLoi5XIp2vTX0yl72b4ocH2xppwRqWD2KX3eG6vtB52d1D6LGUytZ+Aiq
| 7fyBicUfwbDd39D2ls0669BT/AhvrKOw0PD9il+rgisNZQAfC5xewfxI2Iy5ErED
| xqBfL1upfKFHnsX0ouTO3TU8X54o31ZMvdGsVvp8JzARwYTGZwQw1hrGxvi1GwhM
| tpiyoHZu+j9TJgYfKhtcSFqOSUGGLCVf5n2wemRxQd+nu2RJnVKRSUxaAX/sTXrQ
| JdPHV5CwrAkEF12dvlBmCTSxRP4FYvuLt8hf0hGZcoNAWUoJNGNaiLi2ZyivnKyl
| 9DJ/uKZASlMm+Xr5aCk/mU4jVwYWhKFrh2OmvcEXAFNzxom4/o+v1MHsvMCAt0Gh
| tvuppYKoaf7McNICbFmQlQVzxBQ=
|_-----END CERTIFICATE-----
|_ssl-date: 2025-11-23T00:31:43+00:00; +6h59m35s from scanner time.
5985/tcp open  http     syn-ack Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: mean: 6h59m34s, deviation: 0s, median: 6h59m34s

Add eighteen.htb domain to /etc/hosts file

PreviousEditor NextEra

Last updated 2 months ago

nmap -p 80,1433,5985 -sCV -Pn -n -vv 10.10.11.95 -oA targeted PORT STATE SERVICE REASON VERSION 80/tcp open http syn-ack Microsoft IIS httpd 10.0 | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-title: Did not follow redirect to http://eighteen.htb/ |_http-server-header: Microsoft-IIS/10.0 1433/tcp open ms-sql-s syn-ack Microsoft SQL Server 2022 16.00.1000.00; RTM | ms-sql-info: | 10.10.11.95:1433: | Version: | name: Microsoft SQL Server 2022 RTM | number: 16.00.1000.00 | Product: Microsoft SQL Server 2022 | Service pack level: RTM | Post-SP patches applied: false |_ TCP port: 1433 | ms-sql-ntlm-info: | 10.10.11.95:1433: | Target_Name: EIGHTEEN | NetBIOS_Domain_Name: EIGHTEEN | NetBIOS_Computer_Name: DC01 | DNS_Domain_Name: eighteen.htb | DNS_Computer_Name: DC01.eighteen.htb | DNS_Tree_Name: eighteen.htb |_ Product_Version: 10.0.26100 | ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback | Issuer: commonName=SSL_Self_Signed_Fallback | Public Key type: rsa | Public Key bits: 3072 | Signature Algorithm: sha256WithRSAEncryption | Not valid before: 2025-11-23T00:22:27 | Not valid after: 2055-11-23T00:22:27 | MD5: 052b c704 cb85 b585 c0c7 7074 3389 addf | SHA-1: c585 0ad2 5ef3 9801 fd2e 4907 652e 1e77 9fc0 18f4 | SHA-256: f2e2 7fcf a6f5 1756 4726 9826 dc31 0cbe 8455 fc47 a69f 8e95 f1d7 9fdb 95b7 f14c | -----BEGIN CERTIFICATE----- | MIIEADCCAmigAwIBAgIQOgfiuqR97IVNdofQJ9jTlTANBgkqhkiG9w0BAQsFADA7 | MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA | bABsAGIAYQBjAGswIBcNMjUxMTIzMDAyMjI3WhgPMjA1NTExMjMwMDIyMjdaMDsx | OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs | AGwAYgBhAGMAazCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALYTTVBb | PeQL1gY057KZBT6oE8BULBIBh7J9c0VdHm7EiSyPjhZcbEKaRsdkhsGi8G9R1FPF | zfMkDm3wwyMYuhUN0S8J3RQdpUBeDjeTgjLKuxWoEjEacnVudFGxp5peHDwsehi+ | VpOZpOKMx5mAoyfSU/lFA/lwwSsD5FF8ULkk7A7OOgYV2N0gsrg75ZnBwkpYQzk1 | u8LxFhaCOq5XBVpxhlUZyysYn+dqS2lMqO2P6p16gEdknZFGtnyYUBgJ1YBTddle | Zxkr4Rs7gIykq/BdvemR0CGs0oEXsNcshkp7sV6Yi8BIv8f/PZykaOsWBwxxlH6k | f1/V7XFvw4D8/BJXLi3yIJs8MU5oPjktfRmjZHXGG8yAcOtOJs35XOVAwE2LGDRg | 0M2qOGiUnanRnwcoEzNt4BqTuNgYAd0PGhw5YPwiiTck7WAbmNO/A5ZRDAwPkD6w | NGQaoYDAXiiyjMc8gwjEonSHHVP3fDzZMgPRHEG3D4+w+RlRcTEm/KVIpQIDAQAB | MA0GCSqGSIb3DQEBCwUAA4IBgQBEcohPwFgqkEUKytFIa3IHVX9ziMj4FbadxnmQ | sGoD4YuWzLfoHE/LIFf53sG6HJ+b2amFExvX7LPXEbfyO7JrnZKpTiuCNGHzwKHr | jvO+caDrLoi5XIp2vTX0yl72b4ocH2xppwRqWD2KX3eG6vtB52d1D6LGUytZ+Aiq | 7fyBicUfwbDd39D2ls0669BT/AhvrKOw0PD9il+rgisNZQAfC5xewfxI2Iy5ErED | xqBfL1upfKFHnsX0ouTO3TU8X54o31ZMvdGsVvp8JzARwYTGZwQw1hrGxvi1GwhM | tpiyoHZu+j9TJgYfKhtcSFqOSUGGLCVf5n2wemRxQd+nu2RJnVKRSUxaAX/sTXrQ | JdPHV5CwrAkEF12dvlBmCTSxRP4FYvuLt8hf0hGZcoNAWUoJNGNaiLi2ZyivnKyl | 9DJ/uKZASlMm+Xr5aCk/mU4jVwYWhKFrh2OmvcEXAFNzxom4/o+v1MHsvMCAt0Gh | tvuppYKoaf7McNICbFmQlQVzxBQ= |_-----END CERTIFICATE----- |_ssl-date: 2025-11-23T00:31:43+00:00; +6h59m35s from scanner time. 5985/tcp open http syn-ack Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-server-header: Microsoft-HTTPAPI/2.0 |_http-title: Not Found Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: |_clock-skew: mean: 6h59m34s, deviation: 0s, median: 6h59m34s