HTB-TimeLapse machine is really a great learning box for those who are new to Windows and Active Directory Pentesting I found the initial access (user flag) easier and root flag was a bit tricky for me due to my lack of windows privilege escalation skills overall its a fun machine Enumeration As always starting with an Nmap scan Nmap discovery ...

Initial Nmap scan When I tried access port 80, it got redirected to fuse.fabricorp.local. After adding it to my /etc/hosts file I got the below page I downloaded each CSV file and found something interesting I found below usernames pmerton tlavel sthompson bhult I tried smbclient anonymous login allowed, but nothing there was found. I created a list of passwords ...

Started with nmap scan nmap –sS –sV –T4 10.10.10.200 First I tried access the http port but nothing was rendering there. The port 873 is enabled here,rsync is a utility for efficiently transferring and synchronizing files between a computer and an external hard drive and across networked computers by comparing the modification times and sizes of files(souce google.com) rsync -v ...