Hmn-639 Review

Key findings:

# Dirsearch – deeper recursion dirsearch -u http://10.10.10.112/ -e asp,aspx,php,txt -x 200,403 hmn-639

Now that we have a SYSTEM shell we can directly read the , SYSTEM and SECURITY hives or simply dump the NTDS.dit we already retrieved. Key findings: # Dirsearch – deeper recursion dirsearch

/Service/ 301 /Service/SubmitData.aspx 200 /backup/ 403 /backup/ntds.dit 200 (access denied, but file exists) txt -x 200

The server returns a 200 OK with no errors. Visiting http://10.10.10.112/whoami.txt now shows:

The video stars Alice Nanase (七瀬アリス), a well-known actress in the genre.

IIS APPPOOL\DefaultAppPool