Darkzero (Hard) - HTB - Hack with Mike

Starting the box

Link to the box: https://app.hackthebox.com/machines/darkzero

Port Scan

We start off the box by running a port scan on the provided IP.

Attacker Linux

rustscan -a 10.129.215.80 -r 1-65535 -- -A -vvv -oN DarkZero

Output of Rustscan:

Terminal Output

Open 10.129.215.80:53
Open 10.129.215.80:88
Open 10.129.215.80:135
Open 10.129.215.80:139
Open 10.129.215.80:389
Open 10.129.215.80:445
Open 10.129.215.80:464
Open 10.129.215.80:593
Open 10.129.215.80:636
Open 10.129.215.80:1433
Open 10.129.215.80:2179
Open 10.129.215.80:3268
Open 10.129.215.80:3269
Open 10.129.215.80:5985
Open 10.129.215.80:9389
Open 10.129.215.80:49664
Open 10.129.215.80:49666
Open 10.129.215.80:49670
Open 10.129.215.80:49671
Open 10.129.215.80:49891
Open 10.129.215.80:49908
Open 10.129.215.80:49963

A few key notes:

Port 88 is open, which means this is likely a Windows Domain Controller (DC).
Port 1433 is open, which is the usual port for MSSQL
Port 5985 is open, which is the usual port for WinRM.

Edit the Hosts file

As always, we edit the /etc/hosts file to add the hostname:

Attacker Linux

sudo nano /etc/hosts

/etc/hosts

Nano Interface

10.129.215.80 dc01.darkzero.htb darkzero.htb

Active Box

This box is currently still active on Hack the Box - Full writeup will be available when the box is retired. Feel free to reach out to me on LinkedIn or Discord for nudges & sanity checks.

Introduction

Windows

Linux

​Starting the box

​Port Scan

​Edit the Hosts file

​Active Box

Starting the box

Port Scan

Edit the Hosts file

Active Box