Security Blog, Rants, Raves, Write-ups, and Code
Security Blog, Rants, Raves, Write-ups, and Code
No Place To Hide
| Name: | No Place To Hide |
|---|---|
| Hint: | We found evidence of a password spray attack against the Domain Controller, and identified a suspicious RDP session. We'll provide you with our RDP logs and other files. Can you see what they were up to? |
| Base Points: | Easy - Retired [0] |
| Rated Difficulty: |  |
|
HTB-Bot  |
| Creator: | felamos  |
Download and unzip the file and check the hint:
Hint: We found evidence of a password spray attack against the Domain Controller, and identified a suspicious RDP session. We'll provide you with our RDP logs and other files. Can you see what they were up to?
Files: bcache24.bmc and Cache0000.bin
The bcache24.bmc file is empty currently. Cache0000.bin is a "data" file that is not human readable. Well, this should be fun. While looking for a way to parse out a cache0000.bin file, we come across this GitHub repo that seems like it will do what we need. https://github.com/ANSSI-FR/bmc-tools. So, clone into it and run it using:
┌──(kali㉿kali)-[~/Desktop/HTB/NoPlaceToGo/bmc-tools]
└─$ python3 bmc-tools.py -s ../Cache0000.bin -d ../ 2 ⨯
[+++] Processing a single file: '../Cache0000.bin'.
[===] 1162 tiles successfully extracted in the end.
[===] Successfully exported 1162 files.
1162 files...WOW this might take a bit. Just at a glace though 1126, 1128, 1149 and 1151 seem interesting. If we put them next to each other (see below) the flag appears.
HTB{w47ch_y0ur_c0Nn3C71} is our flag. BMC Tools to the rescue on this one!
©2020 Phoenix Computing Solutions | Powered by Coffee, Sarcasm, and Insanity
Everything included in the site is the intellectual property of Chris Ruggieri (Neocount Phoenix) and Phoenix Computing Solutions.
This information should not be construed as legal advice. The owner can not be held liable for anything another entity does with this information.
This information is solely the opinions and experiences of myself (Chris Ruggieri) and should not be construed as endorsement of any product, service, or of illegal activity
(GET WRITTEN PERMISSION PEOPLE!!)
Any links I provide as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by the owner of this site for any of the products, services or opinions of the corporation or organization or individual.
Contact the external sites for answers to questions regarding its content.
This Includes any links posted by Chris Ruggieri in any other websites, Social Media networks, Online Groups and Online sharing Websites.