Summary: Achieving initial access on this machine was done by enumerating a list of users and using those same users as passwords for a bruteforce attack. I took advantage of a sloppy user configured as the typical “admin/admin”. Once access was gained an XML file was found with credentials for the user. From there the … Continue reading HTB – Monteverde