HTB Starting Point: Tier 2

1.1 INTRODUCTION

Task 1

Which TCP port is hosting a database server?

Answer: 1433

Task 2

What is the name of the non-Administrative share available over SMB?

Answer: backups

Task 3

What is the password identified in the file on the SMB share?

Answer: M3g4c0rp123

Task 4

What script from Impacket collection can be used in order to establish an authenticated connection to a Microsoft SQL Server?

Answer: mssqlclient.py

Task 5

What extended stored procedure of Microsoft SQL Server can be used in order to spawn a Windows command shell?

Answer:

Task 6

What script can be used in order to search possible paths to escalate privileges on Windows hosts?

Answer:

Task 7

What file contains the administrator's password?

Answer:

Submit user flag

Answer:

Submit root flag

Answer: