HackTheBox Writeup — Resolute

Information Gathering

I started normally with a port scan, and it returned a bunch of open ports.

Getting User

The port 5985 is active on the machine, which is the WinRM protocol (basically a remote PowerShell).

Username: melanie
Password: Welcome123!

Getting Second User

While enumerating the system, I’ve found the home directory for other user named Ryan.

Username: ryan
Password: Serv3r4Admin4cc123!

Getting Administrator

While checking the groups and privileges I came across something very strange, the user Ryan was member of the group DNSAdmins.

dnscmd [IP address] /config /serverlevelplugindll [path for DLL]

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cristian Cornea

Cristian Cornea

🇷🇴 Cyber Security Enthusiast, Freelancer, Researcher, Bug Bounty Hunter and InfoSec Writer | OSEP | OSWE | OSCP | CEH | CPTC | PenTest+ | eWPT | ECIH