Academy - Windows Privilege Escalation - Pillaging

I’m having some trouble with Question 5.

“Restore the directory containing the files needed to obtain the password hashes for local users. Submit the Administrator hash as the answer.”

I can easily restore the restic backups, but downloading the SAM and SYSTEM files to my Kali box and running samdump2 yields null passwords for all local users. I believe that samdump2 no longer works with modern Windows SAM/SYSTEM dumps.

Any help is appreciated.

I figured it out.

After downloading the SAM and SYSTEM files to my Kali, I used secretsdump.py instead of samdump2 and I got the “real” hashes, not the “null” hashes! Boom!

1 Like

Can you give a hint on how to find and download the cookie in the previous question in this section?

"Log in as Grace and find the cookies for the slacktestapp.com website. Use the cookie to log in into slacktestapp.com from a browser within the RDP session and submit the flag."

Having trouble finding the Firefox cookie database.

1 Like

Hi, I got the hash using a tool, but I have no way to determine which one is mine:
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
Administrator:500:aad3bwd3b51506eeaad3b435b51404ee:20ff3655bfbs1119d751d9b012547236:::
This is the hash I got. Can you tell me the format of the answer? I did some obfuscation with this hash; it’s not the correct hash.

2 Likes

I’m stuck on the Pillaging and Miscellaneous Techniques modules of the Windows Privilege Escalation module. I have the administrator’s hashes etc. files, but I can’t get the answer.

Can you show me your Windows Privilege Escalation and ACTIVE DIRECTORY ENUMERATION & ATTACKS notes? I have been stuck in these two modules. I really want to get a little permission but there is no way to solve it. My Google mailbox is 1489481887jlb@gmail.com. Thank you.

OK, thank you, love you

1 Like

LOL

Just paying it back, because I had to ask for help many times!

I’m 78.27% done with the CPTS track, and it’s been ROUGH.

John

Solve this? I have 2 Administrator hashes but both are not working.

Hi, could you please share the notes with me? Thanks in advance!

my email address: studyharder011@gmail.com

Hi JTZ,

Could you please share the notes with me also? Thanks in advance 😃

OK, I’ve sent.

1 Like

Thanks a lot 😁

Hey I was able to get the hashes but I’m not sure what format the question wants for the hash. Could you help me out with that?
Edit: It just wants the nthash

How can I get the NT hash? With samdump2 I get the LM hash as well as the NTLM hash, but both of them are not working.

You should have what you need already. Here’s a breakdown of the NTLM hash format.

Thank you for the explanation link. Unfortunately, this does not work for me:

Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

I used this part: 31d6cfe0d16ae931b73c59d7e0c089c0, but it doesn’t accept the answer. The hash comes from a dump of the SYSTEM & SAM files from a restore of the snapshots on E:

1 Like

secretsdump.py -system SYSTEM -security SECURITY -sam SAM local

You will need these files.

3 Likes
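
Added example, not part of any post in this thread: a small Python parser for the `uid:rid:lmhash:nthash` lines quoted above, which flags fields that are not valid hashes and the two well-known empty-string values (the nthash in the post above is the NT hash of an empty password, matching the "null" results described in the first post). The function names are this example's own; the sample lines are the two already quoted in the thread.

```python
import re

# Well-known constants: LM and NT hashes of the empty string.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")


def parse_sam_line(line):
    """Split one 'uid:rid:lmhash:nthash:::' line into a dict, or return None."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None  # banner lines such as '[*] Dumping local SAM hashes ...'
    user, rid = parts[0], int(parts[1])
    lm, nt = parts[2].lower(), parts[3].lower()
    notes = []
    if not HEX32.match(lm):
        notes.append("lmhash is not 32 hex characters")
    if not HEX32.match(nt):
        notes.append("nthash is not 32 hex characters")
    if lm == EMPTY_LM:
        notes.append("lmhash is the empty-string placeholder (no LM hash stored)")
    if nt == EMPTY_NT:
        notes.append("nthash is the hash of an empty password")
    return {"user": user, "rid": rid, "lmhash": lm, "nthash": nt, "notes": notes}


def review(text):
    """Parse every account line in a dump and return the list of records."""
    return [rec for rec in map(parse_sam_line, text.splitlines()) if rec]


# Sample input: the two lines quoted in the thread
# (the first was obfuscated by its poster, so it is not valid hex).
SAMPLE = """\
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
Administrator:500:aad3bwd3b51506eeaad3b435b51404ee:20ff3655bfbs1119d751d9b012547236:::
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

if __name__ == "__main__":
    for rec in review(SAMPLE):
        print(rec["user"], rec["rid"], "nthash =", rec["nthash"])
        for note in rec["notes"]:
            print("   -", note)
```
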

Many thanks for your help… I was not about to find the solution 🙂 Could you maybe send me a DM or so and quickly explain to me why the SECURITY file is needed and what the difference between secretsdump and samdump2 is?

Hi, I sent you a DM for a hint about how you can back up the SAM and SYSTEM files.
I already logged in using jeff and backed up c:\windows\system32\config, and didn’t find the SAM file inside.

I also backed up htdocs and found an admin credential, but can’t use it to log in as administrator. Can you show the hint, please?