Skip to content

Network Services

ℹ️ Informations

  • 🌐 Website: HackTheBox
  • 📚 Module: Password Attacks
  • 🔗 Link: Network Services

Question

Find the user for the WinRM service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.

📋 Walkthrough

  1. Enumerate the WinRM service using tools such as crackmapexec or evil-winrm.
  2. Find the user associated with the service.
  3. Use a password-cracking tool like John the Ripper or Hashcat to crack the password.
  4. Once the password is cracked, use the WinRM service to log in.
  5. Locate the flag file and retrieve the flag.
Answer

[REDACTED]

Question

Find the user for the SSH service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.

📋 Walkthrough

  1. Enumerate the SSH service using tools such as nmap and ssh-keyscan.
  2. Identify the user for the SSH service.
  3. Use John the Ripper or Hydra to crack the SSH password.
  4. Log in via SSH using the cracked credentials.
  5. Locate the flag in the user's home directory.
Answer

[REDACTED]

Question

Find the user for the RDP service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.

📋 Walkthrough

  1. Use nmap to identify the RDP service running on the target machine.
  2. Find the associated user for the RDP service.
  3. Crack the user's password using tools such as John the Ripper.
  4. Log in via RDP using a remote desktop client like xfreerdp.
  5. Locate the flag file on the remote machine.
Answer

[REDACTED]

Question

Find the user for the SMB service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.

📋 Walkthrough

  1. Enumerate the SMB service using tools such as smbclient or enum4linux.
  2. Identify the user for the SMB shares.
  3. Crack the user's SMB password using Hydra or John the Ripper.
  4. Access the SMB shares using the cracked credentials.
  5. Find the flag in one of the shared folders.
Answer

[REDACTED]