Hacking Year of the Owl (thm)
NOTE: I am currently migrating my writeups and cybersecurity notes to my github This writeup can be found in a new and shiny form at puzz00 year of the owl writeup --- The Year of the Owl is a machine by MuirlandOracle on tryhackme We start by using nmap to scan the TCP ports. The results show us that this appears to be a windows machine because we see netbios on port 139, SMB on 445 and winrm on its default port of 5985. We take a closer look but don't find much of interest. Since SMB is running, we can try a null session attack, but this does not work. We cannot connect using rpcclient without valid creds, either. Web app enumeration does not reveal anything of interest, so I have not included it in this post. We need to find another way to enumerate usernames and potential passwords. We can try common UDP ports using nmap. The results come back in the open|filtered state which is not very useful. We do not know if the ports are open or if the UDP datagrams are bei...