Archetype

Initial Scan

sudo nmap -T4 -Pn -sV -sC -v 10.129.95.187 -oA Archetype

Task 1

Which TCP port is hosting a database server?

Answer: 1433

Task 2

What is the name of the non-Administrative share available over SMB?

Answer: backups

Task 3

What is the password identified in the file on the SMB share?

Answer: M3g4c0rp123

Task 4

What script from Impacket collection can be used in order to establish an authenticated connection to a Microsoft SQL Server?

Answer: mssqlclient.py

Task 5

What extended stored procedure of Microsoft SQL Server can be used in order to spawn a Windows command shell?

Answer:xp_cmdshell

Task 6

What script can be used in order to search possible paths to escalate privileges on Windows hosts? PEASS Github Answer: winpeas

Task 7

What file contains the administrator's password?

Answer: ConsoleHost_History.txt

Task 8

Submit user flag

Answer: 3e7b102e78218e935bf3f4951fec21a3

Task 9

Submit root flag

.\winPEASx64.exe

Administrator Password: MEGACORP_4dm1n!!

Answer: b91ccec3305e98240082d4474b848528