> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/hack-the-box/labs/offense/tier-0-pen-testing/explosion-programming-recon-rdp-and-weak-credential-exploitation.md).

# Explosion: Programming, Recon, RDP, and Weak Credential Exploitation

Spawned Windows target IP:

<figure><img src="/files/DwYCTrUsr1ysjuO3l7yN" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/qrpdBbg0SfkHygj2ZtMj" alt=""><figcaption></figcaption></figure>

Task 1 asks for the full words of the acronym RDP. It means "Remote Desktop Protocol" I believe.&#x20;

Yep.

<figure><img src="/files/od0gp2qXHHHt9r5VuEuA" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/DhQELlI9WEXx7L6lOHV9" alt=""><figcaption></figcaption></figure>

Task 2 is asking for the 3 letter acronym that refers to the interaction with the host through a command line interface... IDK, CLI? RDP?&#x20;

<figure><img src="/files/99b4Wyu17K7pxuVFDEFG" alt=""><figcaption></figcaption></figure>

Looks like it was CLI.&#x20;

<figure><img src="/files/advuxQlDwkBVAWLP6dCs" alt=""><figcaption></figcaption></figure>

Task 3 asks what the three letter acronym is for graphical user interface interactions... IDK. GUI? RDC?&#x20;

<figure><img src="/files/YQ7pmEJFafvrXHHKp7MK" alt=""><figcaption></figcaption></figure>

It was gui.

<figure><img src="/files/vlIUtmmaXqUJGvxREHut" alt=""><figcaption></figcaption></figure>

Task 4 is asking for the old remote access tool that came without encryption by default and listens on TCP port 23... I'm guessing Telnet?

<figure><img src="/files/IJIoNsUOZICEDN9nGAPA" alt=""><figcaption></figcaption></figure>

It was Telnet.

<figure><img src="/files/XSso86RDmbiSrCu9bRWj" alt=""><figcaption></figcaption></figure>

Task 5 is asking for the name of the service running on TCP port 3389... I have no idea.&#x20;

<figure><img src="/files/EevOM6uulAOdLrMzo9Ip" alt=""><figcaption></figcaption></figure>

I ran nmap to scan all open ports and included the -sV switch to tell me what service version is running, port 3389 is ms-wbt-server. I searched that up on speed guide for more details.

<figure><img src="/files/UYltqG8jbQnG4NlIHDa0" alt=""><figcaption></figcaption></figure>

According to SpeedGuide, ms-wbt-server is RDP service.&#x20;

<figure><img src="/files/ZWnCV7Tr0o2NodjM5Dcn" alt=""><figcaption></figcaption></figure>

Task 6 is asking what switch is used to specify the target host's ip address when using xfreerdp. I think it's "/v:"

<figure><img src="/files/Vrco4VhbPUv4U67fI3yW" alt=""><figcaption></figcaption></figure>

I entered /v: and the answer was correct.

<figure><img src="/files/XRnKTIok3RqxPEskrEDP" alt=""><figcaption></figcaption></figure>

Task 7 is asking for what username successfully returns a desktop projection to us with a blank password... Idk, maybe "administrator?

<figure><img src="/files/bV2kELJWGDOe1zWvfnlr" alt=""><figcaption></figcaption></figure>

The answer was correct... So I went on ahead and used "xfreerdp" with IP and port number /v:10.129.1.13:3389 and username /u:administrator to remote into the windows target.

<figure><img src="/files/kst3LT1WMR3lf4rw6ywn" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/sIDVwYBCx1eVL0EJggL9" alt=""><figcaption></figcaption></figure>

I found the obvious flag document on the desktop of the windows machine.

<figure><img src="/files/rRYeNT1PGjTYUYDxEiJy" alt=""><figcaption></figcaption></figure>

I copy and pasted the flag from the txt file to the final task. I need to figure out how to transfer the file to my linux machine though because in the future I may need to de-hash or decrypt the files.

<figure><img src="/files/blwsc1eSZL1THU6tbIbM" alt=""><figcaption></figcaption></figure>

{% embed url="<https://www.hackthebox.com/achievement/machine/1971858/396>" %}
