The article details a mission named ‘Tangled Heist’ in which a survivor group attempts to infiltrate a rebel faction’s headquarters to gather critical data. Kaila acts as an undercover agent to access valuable information that sheds light on the rebel organization and their vault. The article includes various network analysis tasks based on a capture file containing LDAP and KRB5 traffic.
Affected: cyber security, network traffic analysis, Active Directory environments
Key points:
- The mission ‘Tangled Heist’ involves infiltrating a rebel faction’s headquarters.
- Kaila uses an account of a rebel faction member to gain access to critical data.
- The captured data is crucial for understanding the rebel faction’s organization.
- The tasks involve analyzing network traffic from LDAP and KRB5 protocols.
- Compromised user account ‘Copper’ was used to conduct the attack.
- The Distinguished Name (DN) of the Domain Controller is CN=SRV195,OU=Domain Controllers,DC=rebcorp,DC=htb.
- The Domain managed by the Domain Controller is rebcorp.htb.
- There are 14 failed login attempts recorded on the ‘Ranger’ user account.
- The executed LDAP query to find all groups is (objectClass=group).
- There are 5 non-standard groups in the system.
- The non-standard user flagged as ‘disabled’ is ‘Radiation’.
- The field targeted by the attacker for data writing is ‘wWWHomePage’.
- The new value written in ‘wWWHomePage’ is ‘http://rebcorp.htb/qPvAdQ.php’.
- The attacker created a new user ‘B4ck’ assigned to the group ‘Enclave’.
- The plaintext password for the user ‘Hurricane’, which has the UF_DONT_REQUIRE_PREAUTH flag set, is ‘april18’.
- Skills learned from the analysis include network analysis and extracting relevant data.
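Several of the key points above (the disabled account, the UF_DONT_REQUIRE_PREAUTH account, the failed-logon count) come down to reading `userAccountControl` bits and `badPwdCount` out of LDAP search results. The following is an added example, not code from the original write-up, showing how a defender could audit a directory export for the same conditions; the DNs, attribute values, function names and threshold are constructed assumptions, and only the account names and the count of 14 come from the page.

```python
# Added example: the LDIF below is constructed sample data, not the capture's contents.
UAC_FLAGS = {
    0x000002: "ACCOUNTDISABLE",    # account is disabled
    0x000200: "NORMAL_ACCOUNT",    # ordinary user account
    0x400000: "DONT_REQ_PREAUTH",  # UF_DONT_REQUIRE_PREAUTH: AS-REP issued without pre-auth
}

SAMPLE_LDIF = """\
dn: CN=Ranger,CN=Users,DC=rebcorp,DC=htb
sAMAccountName: Ranger
userAccountControl: 512
badPwdCount: 14

dn: CN=Radiation,CN=Users,DC=rebcorp,DC=htb
sAMAccountName: Radiation
userAccountControl: 514

dn: CN=Hurricane,CN=Users,DC=rebcorp,DC=htb
sAMAccountName: Hurricane
userAccountControl: 4194816

dn: CN=Copper,CN=Users,DC=rebcorp,DC=htb
sAMAccountName: Copper
userAccountControl: 512
"""

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF records separated by blank lines."""
    return [dict(line.split(": ", 1) for line in block.splitlines())
            for block in text.strip().split("\n\n")]

def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl integer."""
    return {name for bit, name in UAC_FLAGS.items() if value & bit}

def audit(entries, bad_pwd_threshold=5):
    """Map account name -> findings worth reviewing (threshold is an assumption)."""
    findings = {}
    for e in entries:
        flags = decode_uac(int(e.get("userAccountControl", 0)))
        notes = sorted(flags - {"NORMAL_ACCOUNT"})
        if int(e.get("badPwdCount", 0)) >= bad_pwd_threshold:
            notes.append("failed-logons")
        if notes:
            findings[e["sAMAccountName"]] = notes
    return findings

if __name__ == "__main__":
    for user, notes in audit(parse_ldif(SAMPLE_LDIF)).items():
        print(user, notes)
```

Accounts reported with `DONT_REQ_PREAUTH` should have pre-authentication re-enabled or be given long random passwords, since their AS-REP responses can be attacked offline.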
Full Story: https://infosecwriteups.com/htb-business-ctf-2024-tangled-heist-281eb0934d2d?source=rss—-7b722bfd1b8d—4