Archetype
Initial Scan
sudo nmap -T4 -Pn -sV -sC -v 10.129.95.187 -oA Archetype
Task 1
Which TCP port is hosting a database server?
Answer: 1433
Task 2
What is the name of the non-Administrative share available over SMB?
Answer: backups
Task 3
What is the password identified in the file on the SMB share?
Answer: M3g4c0rp123
Task 4
What script from Impacket collection can be used in order to establish an authenticated connection to a Microsoft SQL Server?
Answer: mssqlclient.py
Task 5
What extended stored procedure of Microsoft SQL Server can be used in order to spawn a Windows command shell?
Answer:xp_cmdshell
Task 6
What script can be used in order to search possible paths to escalate privileges on Windows hosts? PEASS Github Answer: winpeas
Task 7
What file contains the administrator's password?
Answer: ConsoleHost_History.txt
Task 8
Submit user flag
Answer: 3e7b102e78218e935bf3f4951fec21a3
Task 9
Submit root flag
.\winPEASx64.exe
Administrator Password: MEGACORP_4dm1n!!
Answer: b91ccec3305e98240082d4474b848528
Last updated