Hi, it is a bit frustrating, but I got stuck at very first step. It is unclear if we must target .local or .com domain.
We read “Let’s move into internal enumeration and begin analyzing the internal INLANEFREIGHT.LOCAL domain passively”, so my assumption is that we should connect to our attack box and run discovery from there. I started pwnbox, but I have no interfaces in 172.16.5.0/23 network (which should be our target network according to previous chapter). And I can’t reach any IPs in that range from my pwnbox.
But the question says: "While looking at inlanefreights public records; A flag can be seen. Find the flag and submit it. ( format == HTB{****} )"
So is the question about inlanefreight.com or inlanefreight.local?
Found the solution. I think this question is a bit confusing, anyway.
Question belongs to PUBLIC domain (inlanefreight.com), despite the sentence “Let’s move into internal enumeration and begin analyzing the internal INLANEFREIGHT.LOCAL domain passively and actively per our assessment’s scope and rules of engagement”
Module: ACTIVE DIRECTORY ENUMERATION & ATTACKS
Chapter: Initial Enumeration of the Domain
Problem encountered: cannot find any information asked in the questions
From your scans, what is the “commonName” of host 172.16.5.5 ? - Where do I find this host? It is not online and PowerShell didn’t give me any connection that seems similar.
What host is running “Microsoft SQL Server 2019 15.00.2000.00”? (IP address, not Resolved name) - I could not find anything that looked like this.
I am probably looking in the wrong direction or simply dont understand the question properly enough, anyone that can give me some help finding the answers?