Recon
❯ netexec smb 10.10.11.69
SMB 10.10.11.69 445 DC01 [*] Windows 10 / Server 2019 Build 17763 (name:DC01) (domain:fluffy.htb) (signing:True) (SMBv1:False)
❯ echo 10.10.11.69 fluffy.htb DC01 DC01.fluffy.htb | sudo tee -a /etc/hosts
[sudo] password for adot:
10.10.11.69 fluffy.htb DC01 DC01.fluffy.htb

❯ rpcclient -U 'j.fleischman%J0elTHEM4n1990!' 10.10.11.69
rpcclient $> enumdomusers
user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[krbtgt] rid:[0x1f6]
user:[ca_svc] rid:[0x44f]
user:[ldap_svc] rid:[0x450]
user:[p.agila] rid:[0x641]
user:[winrm_svc] rid:[0x643]
user:[j.coffey] rid:[0x645]
user:[j.fleischman] rid:[0x646]
rpcclient $> exit
❯ vi users.raw
❯ cat users.raw | awk -F'[' '{print $2}' | awk -F']' '{print $1}' > users.txt