Extra Quality | Hmn-639
# Base64-encode
base64 -w0 payload.bin > payload.b64
But we already have the file on our attacker box, so we move to cracking.
Use against the local machine (no need for network access because we have the files):
Visiting the page returns a simple HTML form that posts a base64 blob to the server.
smbclient //10.10.10.112/backup -N
smb: \> ls
  .          D        0  Fri Jan  5 12:15:32 2024
  ..         D        0  Fri Jan  5 12:15:32 2024
  ntds.dit   A  1843200  Fri Jan  5 12:20:15 2024
  SYSTEM     A  1048576  Fri Jan  5 12:20:15 2024
# Nmap – top ports + service detection
nmap -sC -sV -p- 10.10.10.112
PORT     STATE SERVICE       VERSION
80/tcp   open  http          Microsoft IIS httpd 10.0
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds  Windows Server 2019 (Samba 4.11.6)
3389/tcp open  ms-wbt-server Microsoft Terminal Services