Active any hints

Can anyone nudge me with privesc? I am using g***T.py and it keeps saying the identity is an unrecognized argument yet without typing that it says domain is required.

I just learned a lesson the hard way…sometimes the tools don’t act the way other people’s tools do. I had everything lined up, knew what I was doing, but for some reason the tool I was using to get to the PRINCIPAL of the issue output everything except for the most important thing that goes into a cracking program. However, I looked at the arguments again and I could REQUEST what I wanted to go to the hard drive. Worked like a charm.

I hope this helps someone. Got user easy and root figured out once I got the tool glitch figured out.

P.S. Once I got root.txt, I verified this with a friend and his program gave him what he wanted, mine didn’t. We have exact same version and all. So keep that in mind when getting answers from here :wink:

Hi got root finally, learned so much about widows machines, thanks for people who encouraged me @UrielYochpaz .

Hi, I’ve got user.txt but cannot crack it with hashcat. Any hint would be appreciated.

Hey guys! I am stuck at getting the user… I managed to get the anon login to Replication share but I could not find anything interesting there and I can’t seem to do much there. Am i looking at the wrong thing? Any hint would be appreciated!

@areyou1or0 said:
Hi, I’ve got user.txt but cannot crack it with hashcat. Any hint would be appreciated.

That’s your code for the machine, no need to use hashcat.

Keep getting KRB_AP_ERROR_SKEW(CLCOK SKEW TOO GREAT") when running the “REQ” arg with I*****. How can I get passed this, something with time or version or what’s up? :slight_smile: I know we changed to daylight savings time where I live, does that affect things?, lol

Got user and now onto root.
Thanks @lemarkus

@stiqan said:
Keep getting KRB_AP_ERROR_SKEW(CLCOK SKEW TOO GREAT") when running the “REQ” arg with I*****. How can I get passed this, something with time or version or what’s up? :slight_smile: I know we changed to daylight savings time where I live, does that affect things?, lol

I’m going to go out on a limb and guess you’re running your attacking OS in a VM. Check the date/time setting and the TZ setting in the virtualised system. VMs can often end up with bad time settings. As the system you’re trying to use relies on expiry times, it is quite sensitive to improper time settings.

@tty said:

@stiqan said:
Keep getting KRB_AP_ERROR_SKEW(CLCOK SKEW TOO GREAT") when running the “REQ” arg with I*****. How can I get passed this, something with time or version or what’s up? :slight_smile: I know we changed to daylight savings time where I live, does that affect things?, lol

I’m going to go out on a limb and guess you’re running your attacking OS in a VM. Check the date/time setting and the TZ setting in the virtualised system. VMs can often end up with bad time settings. As the system you’re trying to use relies on expiry times, it is quite sensitive to improper time settings.

Thansk for comment. Actually it’s a “dedicated box” with kali. I’ve tried to checked all the time settings, and done lots of manuals for changing it up, so frustrating :slight_smile: even trying to "net time set active.htb " and variations of that, won’t accept it though :frowning:

EDIT: Changed time back a few minutes and it worked. Time on server was 7 minutes behind. Tried syncing, but wouldn’t let me. a tool called rdate helped

Hi Guys,

I reached the replication file.Download the reletead **…xml file and decrypt the password.
Now,I can enumerate with these credentials via smblcient but still ı can’t access except the Replication file.
I tried msfconsole and use psexec with those credentials but at that time I got Login error.What am I doing wrong?

My first rooted box. It cost me 2 days.

Finally root, had to fight a bit with the format of the hash, but got it in the end.

Anyone could give me (DM) a clue on privesc? Got user but I am now struggling with privesc. Thank you/

this box was legit! props to @eks & @mrb3n!

HI all, so I cannot get JTRr to work to crack the hashes - I’ve tried both the Kali default version and also installed the M*mrppr version. It recognises the hashes but doesn’t crack them using rockyou.txt. Any tips?

@poe said:
HI all, so I cannot get JTRr to work to crack the hashes - I’ve tried both the Kali default version and also installed the M*mrppr version. It recognises the hashes but doesn’t crack them using rockyou.txt. Any tips?

I personally used hashcat, but according to the previous replies here JTR (the community enhanced edition) should work. I******t should have a tool that helps with that. There is a commandline flag to directly export a usable hash for said cracking tools.

@poe said:
HI all, so I cannot get JTRr to work to crack the hashes - I’ve tried both the Kali default version and also installed the M*mrppr version. It recognises the hashes but doesn’t crack them using rockyou.txt. Any tips?

if u use kali there is a easy tool inside for this hash check out gpp-d********

@canyin said:
Trying to crack the password but can’t use h*****t due to lack of proper hardware at the moment. Can someone PM me the good alternative with runs on ARM? Thanks!

edit. got it!

How you managed to solve the problem?
EDIT: Actually got the User flag, didn’t expect that to be soooo easyyyy… Wondering how to get root; anyone got any advice?

@Ac1d0 said:
EDIT: Actually got the User flag, didn’t expect that to be soooo easyyyy… Wondering how to get root; anyone got any advice?

There’s a python toolset that can use the creds for user to find an even more privileged user. You could say it would have an “impackt” on your pentest.