🧑⚖️Authority
https://app.hackthebox.com/machines/Authority
this is the output of the nmap:
We can connect to RPC via the following command:
And we can enumerate the shares, which will reveal we have read access on some shares ->
So looking at the content of the Development file, we can find some interesting stuff:
We see some Ansible yml scripts
let's connect to navigate better:
After some enumeration we find the PWN subfile called ansible_inventory
That could be evil-winrm creds but no it does not pass, we can verify with netexec->
So we continue enumeration and find stuff in the \Automation\Ansible\PWM\defaults\ file
we get the main.yml file and look at the content:
So after looking it up we see some tool called ansible2john ->
Last updated