Academy - Windows Privilege Escalation - Pillaging

19delta4u · November 2, 2022, 6:19am

I’m having some trouble with Question 5.

“Restore the directory containing the files needed to obtain the password hashes for local users. Submit the Administrator hash as the answer.”

I can easily restore the restic backups, but downloading the SAM and SYSTEM files to my Kali box and running samdump2 yields null passwords for all local users. I believe that samdump2 no longer works with modern Windows SAM/SYSTEM dumps.

Any help is appreciated.

19delta4u · November 2, 2022, 6:43am

I figured it out.

After downloading the SAM and SYSTEM files to my Kali, I used secretsdump.py instead of samdump2 and I got the “real” hashes, not the “null” hashes! Boom!

truthreaper · November 10, 2022, 3:51am

can you give a hint on how to find and download the cookie in the previous question in this section

" Log in as Grace and find the cookies for the slacktestapp.com website. Use the cookie to log in into slacktestapp.com from a browser within the RDP session and submit the flag."

having trouble finding firefox cookie database

JTZ · December 6, 2022, 5:25am

Hi, I got the hash using a tool, but I have no way to determine which one is mine
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
Administrator:500:aad3bwd3b51506eeaad3b435b51404ee:20ff3655bfbs1119d751d9b012547236:::
This is the hash I got, can you tell me the format of the answer? I did some obfuscation with this hash, it’s not the correct hash

19delta4u · December 6, 2022, 7:06am

Sorry. It’s been a while since I did the AD module. I have good notes though. Which section/question are you on?

John

JTZ · December 6, 2022, 7:57am

I’m stuck on the Pillaging and Miscellaneous Techniques modules of the Windows Privilege Escalation module, I have the administrator’s hashes etc. files, but I can’t get the answer

JTZ · December 6, 2022, 8:07am

Can you show me your WIndows Privilege Escalation and ACTIVE DIRECTORY ENUMERATION & ATTACKS notes? I have been stuck in these two modules, I really want to get a little permission but there is no way to solve it, my Google mailbox is 1489481887jlb@gmail.com Thank you

19delta4u · December 6, 2022, 8:19am

My notes are very large files, so I shared my Windows Priv Esc notes and my two AD module notes.

Try and download them as I will remove access tomorrow.

Let me know if you run into any issues viewing/downloading.

John

JTZ · December 6, 2022, 8:29am

OK Tannk you ,love you

19delta4u · December 6, 2022, 8:31am

LOL

Just paying it back, because I had to ask for help many times!

I’m 78.27% done with the CPTS track, and it’s been ROUGH.

John

mateuszmon · April 25, 2023, 7:11pm

Solve this? I have 2 ADministrator hashes but both not working

19delta4u · April 25, 2023, 8:02pm

I did a while ago. I made notes for every module i did. Send me your gmail email address and I’ll share my notes with you. They are in my Google Drive.

John

Winston · June 6, 2023, 12:48pm

Hi, Could you please share me the notes? Thanks in advance!

my email address: studyharder011@gmail.com

Winston · June 7, 2023, 8:53am

Hi JTZ,

Could you please share me the notes also? Thanks in advance

JTZ · June 7, 2023, 9:24am

ok , I’ve sent

Winston · June 7, 2023, 9:42am

Thanks a lot