Footprinting medium machinr

Hi , I know this was a whiel ago, but did you end up solving this ? I’m also stuck at the noboy previlige and even if i have the nfs mounted, i cannot access to the directory because of PERMISSION DENIED

Sometimes you’re not allowed to change to certain directories as an unprivileged user.

FINALLY solved.

I in the end used the HTB discord for further advice and deepdive. For those who are struggling, if I can do this ( And trust me it took me days to solve this. ) You CAN.

Some hints

  1. yes mount is probably the good start
  2. having permission issue ? try to search root command for linux. Don’t think too much about trying to ‘cd’ the mounted directory
  3. I actually used ‘grep’ and ‘find’ alot
  4. Once accessing RDP, try looking into the Windows UI for some clue. You are not that far from the goal.

yes and alex’s credentials and it gives me an error

Once again Reconfigure your vpn file and try it again

1 Like

If you are still struggling check out this video.

Thanks for SQL query. It salved me

If you are stuck, then following reading can help you understand what needed to be done.

First , do nmap scan and understand what type of server is it and what the server is running and take note of the fact that everyone can access it.

Understand the meaning and concept of exports in NFS

Exporting a directory declares that a directory in the server's namespace is available to client machines. If you see a directory as NFS export (a directory that has been exported by an NFS server), then it means that a user can mount it. Mounting a directory makes the files that reside on the NFS server available to the user.

And then read this NFS command.

also, read this basic info about SQL server command

I know this is a bit late. For anyone else with this issue, start the application in admin mode using the SA credentials. From there, it’s just a matter of searching for the username and password.

1 Like

important.txt is an empty text file thought?

Important.txt is not empty it has a very small string right at the beginning of it. If it is empty I would suggest reloading the machine

Did you guys think this lab was easier than the easy lab? I did. I had way less trouble with this one.

I am just wanting to learn the point where i am stuck … like what was wrong in my initial scan… why i was not able to get the MSSQL serve port using -p- scan… rest i am ok with the lab

From my notes related to “Footprinting Lab - Medium”. there are are no ports related to MySQL or MSSQL which can be discovered.
For reference i have used the following Nmap scan ‘sudo nmap -sS -sV -sC -A -Pn --top-ports 1000

My only hint for you to go forward is to check the NFS.
good luck.

Thanks i have already mounted the NFS and working on it. Thanks


please PM … I have right click and perfrm the same step… unable to switch to new user

hi! unable to run sqlsrv as a different user. can you give me a hint?

Right click and run as administrator?

yes did it but the password is not working on local admin or admin account

Ah, I see…
I hate when HTB does these kinds of stuff, not the first time. I understand that we need to learn but this is just stupid. I like the content but the tasks are horrible at best. Might need to rethink if i want to use this service anymore.

My question to HTB staff, how can I know this if I have never even encountered it before? How can I research into something that I did not know was possible?