Recent Posts

Tryhackme Ra Walkthrough

Ra is a windows machine which starts with a typical business website for Windcorp where there is a password reset function which can be used to change a user’s password to gain access to a SMB share to download spark live chat application which is vulnerable that can be used to harvest a user’s NTLM hash that can be used to gain initial access to the machine.On further exploring the machine a script can be seen that contains a username who’s password can be changed since the user has extended rights to change password as he is a member of the account operator group.Analysing the script we can see that there is command injection vulnerability that can be abused to gain admin privilege and pwn the machine