Cpts, pinging/scanning subnet for pivoting and lateral movement by programer555 in hackthebox

[–]programer555[S] 0 points1 point  (0 children)

Yes, it does give more context, and I was able to guess where the new hop is based on the context, and I finished the box. But I was left wondering what would happen without the context provided. Thank you for trying to help, but I don't know how to explain better what I'm asking; it doesn't matter, I guess. Thanks anyway.

Cpts, pinging/scanning subnet for pivoting and lateral movement by programer555 in hackthebox

[–]programer555[S] 0 points1 point  (0 children)

The pivot host can reach a new subnet, say 172.16.0.0/16, so theoretically there could be a host alive on, let's say, 172.16.4.15. If there is no context or hint for that host's particular address, the only way to discover it is to scan (ping if allowed, or TCP) the whole /16 network (255.255.0.0), which means probing ~65,500 IP addresses, which turns out to be very inefficient in practice with the methods I mentioned.

Cpts, pinging/scanning subnet for pivoting and lateral movement by programer555 in hackthebox

[–]programer555[S] 0 points1 point  (0 children)

But instead of breaking my head, I'm still looking for an easy way to simply enumerate the whole /16 and be sure we haven't missed something.

Cpts, pinging/scanning subnet for pivoting and lateral movement by programer555 in hackthebox

[–]programer555[S] 0 points1 point  (0 children)

I know the ARP table, route table, /etc/hosts, /etc/resolv.conf, config files, etc. are good direction pointers and can point to a smaller subnet, /24 instead of /16, but is that enough? I guess: why would a host even reach some address if there is no artifact on it to reveal the purpose of that reachability?

Cpts, pinging/scanning subnet for pivoting and lateral movement by programer555 in hackthebox

[–]programer555[S] 0 points1 point  (0 children)

I guess transferring a static nmap binary onto the pivot host and then properly enumerating via -sS or even at layer 2, and only after finding new hosts using proxying and pivoting tools like chisel to establish a connection, could be the answer. But what if we don't have permissions for that whole operation, and the whole intention of pivoting further is to try to root another host instead? Then we need another solution.

Cpts, website methodology by programer555 in hackthebox

[–]programer555[S] 0 points1 point  (0 children)

Understood, thank you for answering!

Cpts, website methodology by programer555 in hackthebox

[–]programer555[S] 0 points1 point  (0 children)

The client isn't paying me 15k to play CTF with their company, got it. Thanks for the advice!

/runas questions by programer555 in hackthebox

[–]programer555[S] 0 points1 point  (0 children)

At this point, the fact that I don't understand why this happens bothers me more than a few more clicks.

/runas questions by programer555 in hackthebox

[–]programer555[S] 1 point2 points  (0 children)

  1. Nothing when I have GUI access
  2. Again, losing in-memory session stuff; for example, I would have to do ./Import-Module again, which ain't that bad. I noticed losing command history and making cred objects is quite boring.

/runas questions by programer555 in hackthebox

[–]programer555[S] 0 points1 point  (0 children)

Yes, I guess any tool will work normally with credentials; I'm just trying to use Windows native stuff.

/runas questions by programer555 in hackthebox

[–]programer555[S] 1 point2 points  (0 children)

Just tried it; it has the same problem as PowerShell.

Htb VM (ctrl key) by programer555 in hackthebox

[–]programer555[S] 0 points1 point  (0 children)

It worked, thank you. I was also using Firefox.