InfoSec LAB

Home

❯

HTB

❯

Infiltrator

❯

4 Post_Enumeration

❯

Infiltrator_Output_Messenger_Calendar

Created: Sep 3rd 20241 min read

Infiltrator
HTB
Network
Windows
Active_Directory
Vulnerability_Assessment
Output_Messenger

Output Messenger Calendar

Upon successfully authenticating to the Output Messenger application as the o.martinez user, I was able to check the Chiefs_Marketing_chat chatroom that contained some notable information.

I will be checking out the calendar as suggested

The calendar is heavily populated with http://dc01.infiltrator.htb and http://infiltrator.htb This was brought up earlier in the chatroom with the winrm_svc account. The o.martinez user mentioned that there are random website pop-ups at 0900h. Given the calendar is filled with those “random” websites, it would appear that those “tasks” or “events” are getting executed or much like “scheduled tasks”

New Event

It would appear that I can create a new event

Creating a new event has several actions to choose from, and there is an option, “Run Application” If it really is the case that these so called “events” are getting executed, I might be able to achieve code execution on the dc01.infiltrator.htb host through that “Run Application” option

Moving on to the Lateral Movement phase

Interactive Graph View

Output Messenger Calendar
New Event

Backlinks

Infiltrator_Output_Messenger_API
Infiltrator_Lateral_Movement_o.martinez
Infiltrator

Share your thoughts