smbclient -L //10.10.10.161 -N # No shares accessible without creds, but null session works
Let's start by exploring the HTTP services running on ports 80 and 8080. forest hackthebox walkthrough best
Get Administrator NTLM hash: aad3b435b51404eeaad3b435b51404ee:32693b11e6aa90eb43d32c72a9cee6ca smbclient -L //10
whoami /all
$krb5asrep$23$svc-alfresco@HTB.LOCAL:hash_string... forest hackthebox walkthrough best
Most walkthroughs show that you can get an initial shell by AS-REP roasting a user ( svc-alfresco ) because Kerberos pre-authentication is disabled. That’s cool, but common.