Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2024-11-10 06:34:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update Tengu.md

Browse source
This commit is contained in:
ARZ 2024-09-15 22:18:51 +03:00 committed by GitHub
parent 644aa02d48
commit 25702b8504
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
Vulnlab/Tengu.md
View file

@ -105,6 +105,25 @@ Dev didn't had anything interesting while there was one set of credential from D
<img src="https://i.imgur.com/001siDc.png"/> <img src="https://i.imgur.com/001siDc.png"/>
Attempting to crack this with rockyou.txt didn't work as the password wasn't present there however crackstation came in handy here
<img src="https://i.imgur.com/fLZciwp.png"/>
<img src="https://i.imgur.com/62buPKb.png"/>
Having the credentials, we can verify if this is a valid domain user
<img src="https://i.imgur.com/e6T9dEw.png"/>
With `bloodhound-python`, the domain can be enumerated
```bash
proxychains bloodhound-python -d tengu.vl -u t2_m.winters -p 'Tengu123' -c all -ns 10.10.183.37
```
<img src="https://i.imgur.com/EwzmEoc.png"/>
# References # References
- https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/ - https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/
@ -113,4 +132,6 @@ Dev didn't had anything interesting while there was one set of credential from D
``` ```
nodered_connector:DreamPuppyOverall25 nodered_connector:DreamPuppyOverall25
t2_m.winters:af9cfa9b70e5e90984203087e5a5219945a599abf31dd4bb2a11dc20678ea147 t2_m.winters:af9cfa9b70e5e90984203087e5a5219945a599abf31dd4bb2a11dc20678ea147
t2_m.winters:Tengu123
``` ```