Findings

Domain/Host Name

Add to /etc/hosts

sudo bash -c 'echo "192.168.247.165 DC01.heist.offsec" >> /etc/hosts'

dc01.heist.offsec (This is a domain controller).

Vulnerabilities

SSRF via Web Browser App on port DC01.heist.offsec:8080.

Hashes

enox::HEIST:8f1cdc0bf714538b:422AFEA2B9D6C1B10345D3CCE9B419B4:01010000000000001B2F6B8D6A06DC01920FCA8E4315711F000000000200080044004E004400450001001E00570049004E002D0033003400300033004400580053004C004800320035000400140044004E00440045002E004C004F00430041004C0003003400570049004E002D0033003400300033004400580053004C004800320035002E0044004E00440045002E004C004F00430041004C000500140044004E00440045002E004C004F00430041004C0008003000300000000000000000000000003000005E885D6EF0205EA9631890DD3F49613646C895717D4CDAEC9694535193F942620A001000000000000000000000000000000000000900260048005400540050002F003100390032002E003100360038002E00340035002E003100350035000000000000000000

Credentials

enox:california

Flags

References

• https://youtu.be/QdYu34-3Res?si=9gEjGZfO2Sq5MjTc
• https://josephjee.com/all-posts/proving-grounds-walkthroughs/heist