Scribd Logo
Upload

Welcome to Scribd!

  • Create PDF in Your Applications With The Pdfcrowd: HTML To PDF Api

    Uploaded by

    Jean Pierre
    6K views4 pages
    The document summarizes steps taken during penetration testing. It was found that Outlook Web Access version 15.1.669 was installed on port 443 of IP 10.10.110.254, relating to Exchange Server 2016. Further enumeration found a user blog with links to an Instagram profile belonging to Amber Hope, whose username included the password hint of "Labrador8209". This was used to create a wordlist and brute force login to OWA, discovering the username and password of "RLAB\ahope": "Labrador8209". Logging in revealed the flag RASTA{ph15h1n6_15_h4rdc0r3} in the tasks section.

    Original Description:

    Original Title

    htb_scienceontheweb_net_rastalabs_flag1

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document summarizes steps taken during penetration testing. It was found that Outlook Web Access version 15.1.669 was installed on port 443 of IP 10.10.110.254, relating to Exchange Server 2016. Further enumeration found a user blog with links to an Instagram profile belonging to Amber Hope, whose username included the password hint of "Labrador8209". This was used to create a wordlist and brute force login to OWA, discovering the username and password of "RLAB\ahope": "Labrador8209". Logging in revealed the flag RASTA{ph15h1n6_15_h4rdc0r3} in the tasks section.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6K views4 pages

    Create PDF in Your Applications With The Pdfcrowd: HTML To PDF Api

    Uploaded by

    Jean Pierre
    The document summarizes steps taken during penetration testing. It was found that Outlook Web Access version 15.1.669 was installed on port 443 of IP 10.10.110.254, relating to Exchange Server 2016. Further enumeration found a user blog with links to an Instagram profile belonging to Amber Hope, whose username included the password hint of "Labrador8209". This was used to create a wordlist and brute force login to OWA, discovering the username and password of "RLAB\ahope": "Labrador8209". Logging in revealed the flag RASTA{ph15h1n6_15_h4rdc0r3} in the tasks section.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    found outlook is installed on 10.10.110.

    254 on port 443,

    viewed page source and found owa version is 15.1.669


    then found that version is related to exchange server 2016, hence this is 2016 owa
    owa -outlook web access

    found Rastalabs website on 10.10.110.10 on port 80

    Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
    on firther enumeration, found people blog,
    found user amber hope has linkednin and instagram profile

    Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
    on seeing instragram profile, amber has username amberhope8209 and found amber if following labrador pages

    hence created a user and password wordlist file

    use metasploit module ---------- auxiliary/scanner/http/owa_login ---------- to bruteforce

    found the username and password

    Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
    'RLAB\ahope' : 'Labrador8209'

    then login to outlook and navigated to tasks and found the flag

    RASTA{ph15h1n6_15_h4rdc0r3}

    Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD

    You might also like