HTB · Medium
HTB AirTouch: Medium Walkthrough – SNMP Leak to WPA2-Enterprise Rogue AP Attack
An SNMP system description leaks an SSH password. Network segmentation reveals three VLANs accessed via Wi-Fi. WPA2-PSK cracking provides a foothold in the Tablets VLAN, followed by web exploitation and certificate theft. A rogue access point attack against WPA2-Enterprise captures an MSCHAPv2 hash, which is cracked to gain access to the Corporate VLAN and root.
