Intelligence Write-up by evyatar9

Read my Write-up to Intelligence machine on:


User 1: Discovering PDF’s with filenames based upon the date, Building a customized wordlist based upon the date, Downloading the PDF’s with python script and then examining users, Finding the password NewIntelligenceCorpUser987 which is the password of Tiffany.Molina.

User 2: Found PowerShell script downdetector.ps1 which is scheduled a DNS request for each 5 min, Using Responder we found the NTLMv2 hash of Ted.Graves.

User 3: Importing the bloodhound results for attack paths - Discovering we probably need to get access to the SVC_INT GMSA (Group Managed Service Account).

Root: Using impacket’s getST to generate a SilverTicket which we can use for impersonating an Administrator, Using our ticket with psexec to gain access to the server as Administrator.