Analysis
Analysis
Analysis 584
Analysis
RETIRED MACHINE

Analysis

Analysis - Windows Windows
Analysis - Hard Hard

4.3

MACHINE RATING

2272

USER OWNS

2051

SYSTEM OWNS

20/01/2024

RELEASED
Created by UVision

Machine Synopsis

Analysis is a hard-difficulty Windows machine, featuring various vulnerabilities, focused on web applications, Active Directory (AD) privileges and process manipulation. Initially, an LDAP Injection vulnerability provides us with credentials to authenticate on a protected web application. Through this application, access to the local system is obtained by gaining command execution through an HTA file upload. On the target system, credentials for another user are found in the web application's log files. Subsequently, by implementing an API Hook on `BCTextEncoder`, an encrypted password is decrypted and used to pivot to another user. Finally, by changing the password of an account that has `DCSync` rights against the domain, administrative access to the domain controller is obtained.

Machine Matrix

Ready to start your
hacking journey?