Hack The Box: Resolute Write Up - OSCP Style

This is the first series of domain controllers I was able to compromise in hack the box. At the time of this writing the box has been retired allowing me to post how I did reconnaissance, enumeration, initial foothold, and privilege escalation. I hope you enjoy reading this as much as I was challenge to hack this box!

1. Reconnaissance

Using the following nmap scan to detect open ports and services.

2. Enumeration

To start enumerating users I will run enum4linux in Kali and dump to a text file for review.

  • My host IP at the time is 10.10.14.7 and I am telling my reverse shell to talk back to me on port 4444 on the listener I will set up.

It's 2016 and all I found was Toilets running Telnet...using shodan