Walkthrough: Solving Sauna HTB Challenge via Active Directory Enumeration
A cybersecurity researcher documented a step-by-step solution to the Sauna machine on Hack The Box, a platform hosting Capture The Flag (CTF) challenges focused on penetration testing. The target machine ran Active Directory services for a fictional domain called egotistical-bank.local, exposing ports including LDAP, SMB, Kerberos, and WinRM. Using tools such as Kerbrute and LDAP search, the researcher enumerated valid domain usernames including fsmith, hsmith, and Administrator. An AS-REP Roasting attack via Impacket's GetNPUsers.py successfully extracted a Kerberos hash for user fsmith, which was then cracked using Hashcat against the rockyou wordlist. The recovered credentials were used to gain remote access to the machine through Evil-WinRM on port 5985.
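The two Kerberos steps in this chain leave records in the domain controller's Security log as Event ID 4768: username guessing produces failures with status `0x6` (principal unknown), and AS-REP roasting produces a successful TGT request with `PreAuthType` 0. The detection sketch below is an added example, not taken from the original walkthrough; the events, IP addresses and enumeration threshold are constructed for illustration.

```python
from collections import defaultdict

def ev(user, ip, status, preauth, etype):
    """Build one constructed Event ID 4768 record using the log's field names."""
    return {"EventID": 4768, "TargetUserName": user, "IpAddress": ip,
            "Status": status, "PreAuthType": preauth, "TicketEncryptionType": etype}

# Constructed sample data (not real logs). Only fsmith comes from the page.
EVENTS = [
    ev("jdoe",   "10.0.0.50", "0x6", "-", "0xffffffff"),
    ev("asmith", "10.0.0.50", "0x6", "-", "0xffffffff"),
    ev("bjones", "10.0.0.50", "0x6", "-", "0xffffffff"),
    ev("fsmith", "10.0.0.50", "0x0", "0", "0x17"),   # TGT issued without pre-auth
    ev("hsmith", "10.0.0.20", "0x0", "2", "0x12"),   # normal logon with pre-auth
    ev("hsmiht", "10.0.0.21", "0x6", "-", "0xffffffff"),  # single typo, benign
]

ENUM_THRESHOLD = 3  # assumed: distinct unknown usernames per source before alerting

def detect(events, enum_threshold=ENUM_THRESHOLD):
    """Return findings for AS-REP requests without pre-auth and username enumeration."""
    unknown = defaultdict(set)   # source IP -> distinct unknown usernames tried
    findings = []
    for e in events:
        if e.get("EventID") != 4768:
            continue
        src, user, status = e["IpAddress"], e["TargetUserName"], e["Status"].lower()
        if status == "0x6":                      # KDC_ERR_C_PRINCIPAL_UNKNOWN
            unknown[src].add(user.lower())
        elif status == "0x0" and e["PreAuthType"] == "0" and not user.endswith("$"):
            # A user account received a TGT with no pre-authentication data:
            # the account has "Do not require Kerberos preauthentication" set.
            findings.append({"rule": "asrep_no_preauth", "source": src, "user": user,
                             "rc4": e["TicketEncryptionType"].lower() == "0x17"})
    for src, names in unknown.items():
        if len(names) >= enum_threshold:
            findings.append({"rule": "username_enumeration", "source": src,
                             "count": len(names)})
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The durable fix for the first finding is to re-enable Kerberos pre-authentication on the flagged account and rotate its password, since a password found in a common wordlist offers no protection once the AS-REP has been captured.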
This is an AI-generated summary. ShortSingh links to the original source for the complete article.