Footprinting medium machinr

Hi ! I found some informations but I can’t figure how to use them… Help needed !

Have you found a solution in the meantime?

Yes ! It took some time but I passed this one, finally not so hard BTW. Some basics I was missing :wink:

1 Like

Hello, I am also stuck the medium lab.
Trying to log into SQL Server Management with the found credentials, but they won’t work.
Server name of the MYSSQL is also not found. Any hints how to properly make use of the Server Management?

There is one more user on the system. Try it with that :wink:


Yes, I got that! :wink: Thank you!

I actually found the credentials for the user HTB without passing by the SQL Server. But for completeness I would like to know how to connect to the DB. I have found a clue of the form “sa:XXXXXXXX” which I believe would be the credentials, but I cannot login with that. Any hints?

There is another user on the system. try that one.

Thanks! I’m in…now going to dig into the DB

Hey, I think I missed something in my learning but I can’t put the finger on what knowledge I’m missing.

I first enumerates services, found 6. Added inlanefreight.htb to my hosts.

I’ve mounted the nfs and found some creds for a service which is deactivated. I don’t know what to do with the others informations I got from it.
Then I tried to enumerate the others services but nothing comes out, I need other creds so I tried to dig for others domains but all I’ve got is connection refused.

If someone could tell me what am I lacking or what I’m doing wrong I would be pleased. Thx :slightly_smiling_face:

Hi I have the same problem I’ve got the credentials for an “alex” account but i don’t know where to use them, please help me

Try RDP :wink:


Thank you, I tried but i’m not able to find the right credentials for the SQL server, i tried every directory in the system…

Can you give me another hint on what to do with the credentials that i’ve found? I’ve used them with all the users, i don’t know which is the user you’re talking about.

I wrote you a DM

I’m also massively struggling with this one and have spent far too many hours on it. I’ve tried enumerating NFS and SMB but no luck. I have no idea how other people have obtained credentials for RDP.

Someone above makes it sound like they mounted the NFS share to get credentials, but when I mount via NFS I always end up as the “nobody” user. Despite specifying vers=2 or vers=3 or proto=tcp. I’ve even tried toggling nfs4_disable_idmapping. Whats interesting is that nmap nfs-ls script shows contents of the NFS share, but when I mount I can’t even open the folder.

The official hint speaks about a database service, but I don’t even see a database service, unless it can only be seen after RDP to target? Any hints would be greatly appreciated. I feel like I must be missing something simple.

Yes you need first to mount the nfs and then you will find a lot of .txt files, in one of them there are the credentials for RDP.

I mounted the NFS folder with the command provided by HTB Academy in the cheatsheet. There you will find many files with extension “.txt” and in one of them there is the password of “alex” that will be useful for RDP.

Think that the “alex” credentials can be used to access other services like SMB for example. Maybe you will find something “important.txt” and it will be useful for the “SQL Management Studio”. I hope I helped you.

1 Like

I hope this helps this is how far I’ve gotten in 3 days,

1 Like

Same problem for me- I am able to mount NFS share, but can’t access it- user nobody. any hints how to mount NFS correctly?