HTB: Cicada - OSCP Prep Write-up
Cicada is a textbook Active Directory enumeration chain. Each step surfaces something that unlocks the next user - a default password in an HR notice, a credential in a PowerShell script description field, a privilege that lets you dump the SAM. Good practice for the AD portion of OSCP. Machine info Name Cicada Platform HackTheBox OS Windows Difficulty Easy TL;DR Anonymous SMB access exposes an HR onboarding notice with a default password Password spraying with nxc identifies michael.wrightson as the matching user Listing users without RID brute reveals david.orelious has his password in his description field David can access the DEV share, which contains a PowerShell script with emily.oscars credentials Emily has SeBackupPrivilege via WinRM - used to dump SAM/SYSTEM and pass-the-hash as Administrator Recon RustScan 1 rustscan -a 10.129.231.149 ...