HTB Season 10: Logging Writeup

Logging is a Windows machine rated medium that covers TGT, binary decompiling, DLL hijacking, DNS spoofing, WSUS MITM

April 19, 202619 min read

AD binary_hijacking HTB Medium Kerberos TGT Windows wsus-mitm dns-spoofing shadow-crednetials

Overview

The machine starts by Simple enumeration that discovers share with leaked credentials in a log file, this account has generic write over one of the accounts so we perform Shadow attack and getting winrm to find a binary and hijack its dll to get user WSUS connection to subdomain so we poison dns record and get that connection to our fake WSUS to get shell as NT SYSTEM

Enumeration

lets start with our nmap enumeration

plaintext

...

Logging is still Active on HTB
According to HTB Policy, it's unauthorized to share any public write-ups for active machines, but it will be public once the machine retires.
For any hints or discussions, reach out to me X
Good luck !

unlock

notify

Subscribe to the newsletter

Get new posts delivered to your inbox.

Overview

Enumeration

Share

Subscribe to the newsletter