# Registry 10.10.10.159 ![Owned on ](https://1020855008-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHdTwldplFku-IlYazS%2F-MPCeCzgjxT4uoY5zbIu%2F-MPDECwuEnevFk9YhX_9%2Fimage.png?alt=media\&token=a2940ee1-d1e4-48a4-a38c-ff966f5f71ee) ## Background [R](https://www.hackthebox.eu/home/machines/profile/225)[egistery ](https://www.hackthebox.eu/home/machines/profile/213)is an Hard difficulty Windows machine from HacktheBox**,** it requires the SMB enumeration technique and source code review, for training your ethical hacking skills and penetration testing skills. <130n@calvinlai.com> **Target Machine**: 10.10.10.159 **Attacking (Hacker) machine:** 10.10.14.9 ## Penetrating Methodology ### Service Scanning * Nmap ### Enumeration * Enum4linux * dnSpy ### Exploitation * msfvenom ## Walkthrough: Target machine: 10.10.10.178 Attacking (Hacker) machine: 10.10.14.9 ## Hacking Process Part 0 – Service Scanning The target machine IP is10.10.10.178. Get a basic understanding of the available services of the target machine using nmap aggressive scanning to all available ports. Quick searching nmap -sV -A -oN nmap-htb-registry-detail.txt registry.htb ![](https://lh3.googleusercontent.com/5LRLZVXog-ujXfIiyfL_Os2_jzgQ63Aq1apKijpKzcWtC-KhOdJNpXE8e_e1J-vYxyza6LDJUQHnADaGopFHOM2Oyd2EnkePx5td0G7cntOU3TS6S8FvRFvcynZSWrRuYQ) ![](https://lh3.googleusercontent.com/Y5TRWIbk97yyofmQw3r3jh_1UAUhswoj3XHnScjH9wJkGuCH1pfnYf_HQ9avSgr8OKPCyiMj3yxBmMRlcSeUa8JoxZqtqP0Nr6GHJFbq-tArd-SyVFTafbDCURV4gzEZgQ) Enumeration strategies 1. Web Application Vulnerability 2. Web Enumeration docker.registry.htb 3. SSH Enumeration ## Hacking Process Part 1 – Enumeration ### 1.1) SMB Enumeration #### SMBMAP ![](https://lh3.googleusercontent.com/94i2bVb7nfziSdWoQLAGEQSiw1fYHPiqjQuYk4GOtcYshOwTASGAbGWiBYYIztsT3aKcI5yf-Is7j-oWExV5KzIKTm3eebDHh_stNEAKgjWZrM-EvG5PaXhyt4p1XsPS-A) #### nmap --script smb-enum-shares -p 445 ![](https://lh6.googleusercontent.com/cp7AHgTLwpeR-k28vaKawIYOxdHgIDQ5xW_6HXtzWCRfLqPUjZkJFYLz3nciadsVRf_BlXHNSa7lzRdW2RWHr2BOwbvjtD0rtKBSGglXBpwCZwEhyCoeiwFBzBz4ovCq2w) enum4linux ![](https://lh4.googleusercontent.com/_6nhKqz0JICzzHQNkjISheJAGfxpeqDmxDNoCIdq7GtuEZA5gojqkKOJcgyd4wa1FkR-DHs8ldK77Lsya5dfOTFSVFqSZep2gJNmqgpkkwT7o5hRxyCu2BSYLN8wO54TpQ) smbclient ![](https://lh6.googleusercontent.com/4nXlrH4Pk_bQDhmuXsnJpJFA_kjhy9cEgXB5jmSX0g2zKQ0caG26Eei98OtUxIjNgGSM1vyMnOJeO5paYogrJzdoV3TvLxTC_Muc7lKvVWmFhBgFfwHmgRBHDZJ8Kno8Sg) smbclient -N //nest.htb/Users ![](https://lh4.googleusercontent.com/_UVUL28Si6lj_fipt-nOHTShZpylHcGvtEoRw9wa6a4dDyGj884X1NSkp3ZQpPzE7WqOQGxI5e5ULQPjFGp6gTpnW8BV87G_Qi3RSPFw2uloFXIic4aW7t1uWZiAXAA91A) ![](https://lh4.googleusercontent.com/8w_tYqLt3jYj43qNTM7mIWoLvESwyiUtqNRnLBn875mFdt9YiLE9NcHL79a9d71QeewEqHQOGBxREA50XOgsCKnlXnBOgh-8E04amFWP9K563gYoMANDXVfrKzF3KJ3aMA) ![](https://lh4.googleusercontent.com/-A2i3JRUsphJFF27ORhvnUTx4Y40U3qiIc_LHTSkAYvmj3v7yjJHIslQOMsx6EiG3IMWDtVvINDTQ5FMGJOU7mCqAzidZ0EViHxNKVnuy6v0RfM43vV6nccngUCsnUp6Rw) ![](https://lh6.googleusercontent.com/QfKcGco-YVxIPvIKezTD5YVJqQ8DM3ZhipBmOdEfY0jhWaTeo_FdBb38p3gCSmc4CrOkOYWYjsInjRrQNloM22WRF_JqG5dZ5x1-3VAetm_zaQQC2bHcTi1eJrXeAl7azA) ![](https://lh6.googleusercontent.com/jjCWH8AZ4na6V1TPypb9Y8RdQOy-74HXyoAthLB4FiOS3Ya8jLUTeF0Cxce1w_E4lQbv_ws1Nn18YBilyBOHmRO6vkoUiMgZ_v5FsZAVNCxz4iNVrUz31R5dNlkeRCDnyg) ![](https://lh6.googleusercontent.com/cKtn6xcoxqQlUl92TAuFLNa_8vB6nq-9lm4ZbnM4Xb7Mih16QqwWfPt3iEdAEwZtcFzRmpnNgzcQe1ze5ryon-F2l4vuYBbAvJLSjDGoLkY9TJAfRb8TAL7AtSEmMwUpYA) ![](https://lh5.googleusercontent.com/0iffKwE2OhJHAqZQKgnggJKmwRVdRaBaBj9xMLEsb6IVHYz8YotoqIpgNC-ZvvOTbGoDYRNp5p_gZ34Ecs4k9IPXovDvW7zKeVMYJpVNvaOfXGGzJ2o9YTjnXkCCaGpczw) ![](https://lh4.googleusercontent.com/KaTJwQa66j9WnRrXThVVKvGGcmd_46sn3158D9BXty5bLYmyE09oWox9Ph8Y6bDtutbhX5-iQ9bdfyK1hT4qcieXdTIE-Q5RbqMwEqERPGhuuU7vztQXOENKjvM16DHwJQ) \IT\Configs\Adobe\editing.xml \IT\Configs\Adobe\Options.txt \IT\Configs\Adobe\projects.xml \IT\Configs\Adobe\settings.xml \IT\Configs\Atlas\Temp.XML \IT\Configs\Microsoft\Options.xml \IT\Configs\NotepadPlusPlus\config.xml \IT\Configs\NotepadPlusPlus\shortcuts.xml \IT\Configs\RU Scanner\RU\_config.xml \Shared\Maintenance\Maintenance Alerts.txt \Shared\Templates\HR\Welcome Email.txt \IT\Configs\NotepadPlusPlus\config.xml ![](https://lh4.googleusercontent.com/Zs6iYjRl0gz8n3dCAzhWvm4MO1_zNWcnkVEtkeqsVGg7JjEMykq6zKOnYHIwkSheptmZvjwYnOztBzJBDGDx9Tn_SmpcwOhlgc2rQ0tsKNt05o05lOOHzUQpMEx5o89TXw) ![](https://lh6.googleusercontent.com/Rvyrv0Lxcyxwx-GjWQ81VJYABL-jwnmh6jC2bEn8nI7AOuDw1K6EjCKcHfsLFS0hs-0EX6AMnPMbcDMyp-pr_dsHSVVq_cEQjIstsLiQ-cMCdQ_CSNaJHI89ThZd_CSvSQ) c.smith fTEzAfYDoz1YzkqhQkH6GQFYKp1XY5hm7bjOP86yYxE= mount -t cifs //10.10.10.178/Secure$ /root/Documents/ctf/htb/windows/10\_nest/hostfile/Secure -o user=TempUser,password=welcome2019 According to the config.xml there is af directory ![](https://lh6.googleusercontent.com/pz9j_jS67NyDt5w51I022zuCiGnXZg_N2frc2V1uWwR7o4KqG-BnUA3AH2LQO3aN_Pm8nVkxUF_FXz6D4HnR9U57Q4OFuqNgWrUHrMH4uhfC_ws514gNpfOP--a_bZqbIA) ![](https://lh4.googleusercontent.com/YO2S6y52-9roVX0UqS4SWePgcQETOkrR0QpDr6o0dtypUcwNkRG_zqN9pnIGAQv9vUUYTGIv-z7l4LDXf2jgo7ZS9mHjeUAT5pQwlTFSoHWzw2wtd2-VK0bLlxaU_W3qlw) ![](https://lh5.googleusercontent.com/PAafi79ORg5D-SA4T3IgtLf-1Mbk_3mRMHwCRnIEAnEaPDsXO-hrSlfN8Bbts4wgLewbLgUuIP5dqp80daVb_su8kdIzeiEeJOUdB6mRFutKAZeDDKiaFvR8Ers5Hc67Sg) [https://dotnetfiddle.net/kiYWi4](https://www.google.com/url?q=https://dotnetfiddle.net/kiYWi4\&sa=D\&ust=1607148356707000\&usg=AOvVaw1Z34buN6qt3jxzC-Ydidkk) ![](https://lh6.googleusercontent.com/0BannzqIK2yygfuCVGB4gCfWhEDUn2EOSpGnCo3ZtM8oZgopA9010dO5HtrgQQrPCiAgOJv1e3qk2DUALhOx6Dclod0lDOOtnZhYaQQf5oNLmX4wu4Akx9egFgUDoEuiXQ) c.smith fTEzAfYDoz1YzkqhQkH6GQFYKp1XY5hm7bjOP86yYxE= xRxRxPANCAK3SxRxRx smbclient \\\\\\\nest.htb\\\Data -U c.smith ![](https://lh6.googleusercontent.com/MLMMxttTwemdUPLSaysBBWEM3T3Lx3udfQSaR_vdGHxusABluBiQrH6g71KNQ_NEskR0fvdBviyTN-qpHBcZV4sAG14g7Tzs5x5Xg9HLUaGi58e8M28TW7UnnJtI8VahDw) ![](https://lh3.googleusercontent.com/_8S8TeGukm4jh0-HgSsCeL8mszy9eXGshT0zd2K2VTFU1rVanV-3euxXPJ3DkJ85Ec5TbrUBX8VYwFlCM7kVLtZRWpeWtASl6u01HSIp1-VUfoOWNRr7HWub17PXzXjGRA) ![](https://lh3.googleusercontent.com/KUcohRfV9Xkt653FUBcfzOGPOIWBoyQ2Roipv2tb9M6dvoPp9q2GBP_P2G58KoNa6kI6CltKTIOSks_3yy0iEDYiXiVH6CSNIwiASoU14uPwe5Yf2x3B-irS7qKBpYFvhQ) ![](https://lh5.googleusercontent.com/EXIy0nz2eC7p_17BAElEvyEm87Bu4M5oK7hmGRUvylwKJafU5oeEmuTuA1mherBeMsPjehyNhhr_RXsLtY9mVMkk9IxubozMxk-5O5uMxQ3fjMQjOpY8Ec4Y_fE84qt1nw) ![](https://lh4.googleusercontent.com/xxYolYeqnw8s5L48L_XFwJKBVQfm2_Z5pq7PerigEx-D3gFx-bMNGn9PO04AGEmucwzzsuqAB3K4cNSEa3XNupsALSOqeU03dlwwrRbjHSStjA3r1v1lGe6sRW4s4Gy-cg) ![](https://lh6.googleusercontent.com/uwLYv7Zr_BjMMRsxarcilhP4Idhiuq82dPjsDvYM1_z9scPCX-x6BjiB8ZaTHiF3D5zu7M4eHyzmVG7e-DSU2C-EKp4a_yFja74iW2GC9JvnZWFZhRWEOl-f7G4CCQENBQ) ![](https://lh6.googleusercontent.com/SOlIlzR_rVGtFKD1nXB_J5Abz37uwQcg4e_sQwN4T-8ce8zzN2g2t0zYLt93z7O7ngnhoAXjrLB7PguCeo2PwtZ-TnufK1nTjeZW_GPa3Uf_oD0y-pkCWVGNanJktpjoIg) ![](https://lh4.googleusercontent.com/NzKLHE1U3IpD1T5aPWt5OS3ci4QPyJczRFGVcR4ij2X1GnCSWTYO1FcrQW2HnsXFpUDd44z4tK1UnNI0p51ZML2EsCn45bG9ZSVXIxLEj_UXnnuzLvlp2SxNB7zEdmwUhw) ![](https://lh4.googleusercontent.com/pQRLtU4Qb9JXLqegkC7IFwrFkyfmuIbayAt_lZbdraMtNry8Vy9Rssd9cV1BlfHm5AguYqSPseEM8kg9hdzoxS_npTHYyKtiSps_JGjsa5MnJMNkVbs3awN8ufM-XVHP7A) ![](https://lh4.googleusercontent.com/o9yPz888mbqCHuqygYfSkMmfZvhIQcK_FN5vow2hF_HK4mimKZKyk1XZZOz1H-ilQ0IKxPyhTxA7dWGOfia4m2g3Iezsms5pVaY_6YcSD_ZjDVj_v0zqoS0XVYbeTQg-2Q) ![](https://lh3.googleusercontent.com/_1gRib4A-3ekoEQrCWijOZtcg3x630HKx7zITK03yRSM7w8bcPcTcLKhlhJZ5wTQt_VLXBX50gk7iLx5P3GP24OplpsR6E2IimgptlXihEe_hcevNwTkm3-Q-FkA_MoMjg) ![](https://lh6.googleusercontent.com/xy-oNfp7P3Lynd3Pt8Yf3hJ0RMSPxsrxGtu6Cs7uHd-hjHDmZpGra4A_KxsrgcSoOlYp4ds-UioQx7pDmI2-hSsi6268RXleZk0moeKyba1UyWpovUHSP4rT8b2I8cNVzA) WBQ201953D8w ![](https://lh6.googleusercontent.com/2PaA4ZK-FKUFHu4Wi4wiPv2mWG2Uk7yRL3dMNyIm9OI3lgcf17QKIOKyyU3Hs5PGvrS-b6_f9wZTQN3hhv2DRsdhb5CDIp2TnBdlzpw0BMkyz0_6BBO2B-TS17MCRJmzqg) ![](https://lh3.googleusercontent.com/_6E2cFxMa1iFqM4MIWMdB4KBsVVHf1LWsdosZ28UkYc9yF608rRNFQ9IjWjSFNUK6PVGE9HgqiyGqSPq807XaBoLAn5m-bNW-n-I9LbiawE7_PPZCBxiiAGtXu0IgeBSLw) ![](https://lh4.googleusercontent.com/55a0Eb5EH9TkyIoGBCkvF8WVdOn7vu8yZAV0DofYtkzBZN0oy-JSbvzXbxEWKpOx2NI5h5IutdJfTrW0mpqq5kiEUnQJCk_D6n548bR8FgawUAUcHietNUMPX9vy4QGYww) ![](https://lh6.googleusercontent.com/fo6rjgZGkQcwkIQOFpgd-DD-7kdk9XXOd670v4kBqp7TiswFy7mZT55yEBX9tMUoBC8dw7tloM9KVKk1CII9MNjajUwPWKlDqxqjJfYwPcU4RWnj_bjiC3PYPVwQHZi1hA) ![](https://lh5.googleusercontent.com/dNzyTKQglbko_N02DAvEJyVC7_XnPNyGznd639ga_paZeZUCpWSwpBs2IvktPJNxye7cAK62caDrz0Ui9lZ_dFqjraipiEIRu8MQLxW3WGkWlLAq6GJee1rcX4dXBxcHDQ) ![](https://lh5.googleusercontent.com/wpgGWQZNQVcbZpBreaqgwUeRmQRubLiMGq_qzcCe55GYcB15RfQoejm5Yrx-zyxtEdmmwvRWUnVPDc5mXE7Kf7lh-wgRlo5dh47y14FEY-Q6gGBU3g0HU_2BsXlJf0OOMA) ![](https://lh5.googleusercontent.com/BXmSb6f-WQT1fk_aRmxIgkEjIu3qtfZ2Nbj6F_DiW0N3RnJTCd2Ie047s4tNWLk-Gygzeqi3HmlJv0vpY_HOVjQ5hpxw1DM08LmtZi8C3iOgHANc8HEB1UEHe1yBVc__eg) ![](https://lh3.googleusercontent.com/yQM7zclix3fZsRjSd52etRZKO1OV-kDk4qVtEVrD6d921tsfF8tzWtuR8_lGoEisAnpkSAKY_CfZ9OxDoxZv8eO7flTyZDccAnwPq8xWHveKdqfBuif0jZROoi-KyMR2uA) ![](https://lh4.googleusercontent.com/M-Sy7G1aydTA9qDVHYtBnmwWS32BamRbRts6vDI27Z4qf18LfJHRfz_GcQir2WwRl2a22gkb7nwFRtyJLTPvmwZNV0ZEVXOHZWr6-cUXqxwXI3z6Hm63hXbdK7uUciPAdA) ![](https://lh4.googleusercontent.com/-euFwdYQtfc635Vkjg7GaCvO_aVzGAO9njyy0GQ0u6IO0FvfsvYfWmoILFn8waimO2diz-5267pLdMWbaSe2rdwinF6Be-8gpI1dyI8lumGfAh3zKkUFvswKcKpz-z3LTA) Adminstrator "XtH4nkS4Pl4y1nGX" ![](https://lh3.googleusercontent.com/eIH4ats-vODmprqrLilIHM-L6SwUdn_zMxSgcrMF0zeh5HPYc64XmEDclRCFX7HzfQpFkLLhPEtNaETsGNWw0o7VPV-Tvt-EYprvGq25nandVGpGa9_xSsI5kZRKpOpdhA) ![](https://lh3.googleusercontent.com/9YTBsTqEL-PT76dseIhnCpzk3bDJIJzWxNZtOJapqxeFTNUiD2fihuljVZ_nhHFDhxQU-Nk_RY7Iwebl7v-emeWlMIxWh3nIIVvmLMknKHOzolGpa469Y6mosYqtPerj4w) ## Hacking Process Part 2 – Exploitation ### 2.1) Brute force attack ## Hacking Process Part 3 – Getting Low Privilege Access ## Hacking Process Part 4 – Privilege Escalation ### 4.1) Directory Enumeration ## Conclusion... ## Reference Link [https://www.anquanke.com/post/id/86080](https://www.google.com/url?q=https://www.anquanke.com/post/id/86080\&sa=D\&ust=1607148356716000\&usg=AOvVaw3Hi0zBNo8fBq8AV9EJWra6) [https://github.com/0xd4d/dnSpy](https://www.google.com/url?q=https://github.com/0xd4d/dnSpy\&sa=D\&ust=1607148356716000\&usg=AOvVaw22sXB8qRIn07P7VKYXpLxE)