Name: | No Place To Hide |
---|---|
Hint: | We found evidence of a password spray attack against the Domain Controller, and identified a suspicious RDP session. We'll provide you with our RDP logs and other files. Can you see what they were up to? |
Base Points: | Easy - Retired [0] |
Rated Difficulty: | |
HTB-Bot | |
Creator: | felamos |
Download and unzip the file and check the hint:
Hint: We found evidence of a password spray attack against the Domain Controller, and identified a suspicious RDP session. We'll provide you with our RDP logs and other files. Can you see what they were up to?
Files: bcache24.bmc and Cache0000.bin
The bcache24.bmc file is currently empty. Cache0000.bin is a "data" file that is not human readable. Well, this should be fun. While looking for a way to parse a Cache0000.bin file, we come across a GitHub repo that seems like it will do what we need: https://github.com/ANSSI-FR/bmc-tools. So, clone it and run it using:
```
┌──(kali㉿kali)-[~/Desktop/HTB/NoPlaceToGo/bmc-tools]
└─$ python3 bmc-tools.py -s ../Cache0000.bin -d ../
[+++] Processing a single file: '../Cache0000.bin'.
[===] 1162 tiles successfully extracted in the end.
[===] Successfully exported 1162 files.
```
1162 files... WOW, this might take a bit. Just at a glance, though, 1126, 1128, 1149 and 1151 seem interesting. If we put them next to each other (see below), the flag appears.
HTB{w47ch_y0ur_c0Nn3C71} is our flag. BMC Tools to the rescue on this one!
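To show what the extraction and the "put them next to each other" step involve, here is an added example (not part of the original writeup and not code from bmc-tools) that walks a Cache0000.bin-style file and stitches chosen tiles into one image. The file layout (12-byte header, 12-byte tile headers, 32-bit pixels), the version value and the row order are assumptions, and the sample bytes are constructed.

```python
import struct

MAGIC = b"RDP8bmp\x00"            # assumed signature of Cache????.bin files
FILE_HDR = 12                     # signature + 4-byte version (assumed layout)
TILE_HDR = struct.Struct("<QHH")  # 64-bit key, width, height (assumed layout)

def parse_tiles(data):
    """Return [(width, height, bgra_bytes), ...]; stop at a truncated tile."""
    if data[:8] != MAGIC:
        raise ValueError("not an RDP8 bitmap cache file")
    tiles, off = [], FILE_HDR
    while off + TILE_HDR.size <= len(data):
        _key, w, h = TILE_HDR.unpack_from(data, off)
        off += TILE_HDR.size
        size = w * h * 4                       # 32 bits per pixel
        if size == 0 or off + size > len(data):
            break                              # empty or cut-off trailing tile
        tiles.append((w, h, data[off:off + size]))
        off += size
    return tiles

def stitch(tiles):
    """Place tiles left to right; return (width, height, bgra_bytes)."""
    height = max(h for _, h, _ in tiles)
    width = sum(w for w, _, _ in tiles)
    rows = []
    for y in range(height):
        for w, h, px in tiles:
            # Shorter tiles are padded with transparent black rows.
            rows.append(px[y * w * 4:(y + 1) * w * 4] if y < h else b"\x00" * (w * 4))
    return width, height, b"".join(rows)

def to_bmp(width, height, pixels):
    """Wrap pixels in a 32-bit BMP; negative height means rows are top-down
    (an assumption: use +height if the result comes out upside down)."""
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, -height, 1, 32, 0,
                           len(pixels), 0, 0, 0, 0)
    return file_hdr + info_hdr + pixels

# Constructed sample (not challenge data): two 2x1 tiles plus a truncated one.
SAMPLE = (MAGIC + struct.pack("<I", 6)         # version value is a placeholder
          + TILE_HDR.pack(1, 2, 1) + b"\x01" * 8
          + TILE_HDR.pack(2, 2, 1) + b"\x02" * 8
          + TILE_HDR.pack(3, 64, 64))          # header only, pixel data missing
```

On a real cache file, pass the list indices of the tiles of interest to `stitch` and write the `to_bmp` result to disk to view them side by side.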