HTB Timelapse WIP writeup

Michael Stolz
Apr 11, 2022

I am not good at all with Windows machines so this will be fun…

1. Start off by adding the box to our /etc/hosts file

2. nmap scan results

445 — SMB is open

3. We will see what guest can see in SMB

Shares/ is read only

4. Dev and Helpdesk subfolders

5. Dev contents

Might as well get the zip file

6. HelpDesk contents

7. Where the zip file ends up (it goes to whatever directory you were in when you started the smb get request)

8. Try unzipping the file

9. zip2john will help us crack the password

Creating a crackable hash with Zip2john

10. You can use locate if you don’t know where rockyou is located (apt-get install locate). Attempt to crack the hash

We find the password: supremelegacy

11. We find a pfx file inside so we’ll try pfx2john and see where we get

12. ??? Still a WIP
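
For the defensive side of steps 5 to 11 (a password-protected zip on a guest-readable share, holding a pfx file), here is an added example that is not part of the original writeup: a Python audit that reads a zip's central directory and reports each member's protection scheme, flagging members that look like key material. The extension list, member names and sample archive are constructed assumptions.

```python
import io
import struct
import zipfile

# Assumption: extensions treated as private-key or certificate material.
KEY_EXTS = (".pfx", ".p12", ".pem", ".key")

def audit_zip(data: bytes):
    """Return (member name, protection scheme, looks like key material) per entry."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # reads the central directory only, no password needed
            if not info.flag_bits & 0x1:      # general-purpose bit 0: entry is encrypted
                scheme = "none"
            elif info.compress_type == 99:    # method 99: WinZip AES
                scheme = "aes"
            else:                             # otherwise treated as legacy ZipCrypto
                scheme = "zipcrypto"
            is_key = info.filename.lower().endswith(KEY_EXTS)
            findings.append((info.filename, scheme, is_key))
    return findings

def make_sample(members):
    """Constructed input: write a plain zip, then patch the flag and method
    fields of each central-directory record so entries appear encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, _flags, _method in members:
            zf.writestr(name, b"placeholder")
    raw = bytearray(buf.getvalue())
    pos = 0
    for _name, flags, method in members:
        pos = raw.index(b"PK\x01\x02", pos)   # central-directory record signature
        struct.pack_into("<HH", raw, pos + 8, flags, method)
        pos += 4
    return bytes(raw)

if __name__ == "__main__":
    sample = make_sample([
        ("notes.txt", 0, 0),
        ("backup/dev_auth.pfx", 1, 0),
        ("cert.pem", 1, 99),
    ])
    for name, scheme, is_key in audit_zip(sample):
        note = "  <- key material behind a password only" if is_key and scheme != "none" else ""
        print(f"{name:22} {scheme:10}{note}")
```

Member names in a zip are stored unencrypted, so this check works without the password; any flagged archive on a share readable by guest is protected by nothing more than the strength of that password.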
