@nullsession0x said:
@kekra said:
@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.Enjoy
impacket was installed but I needed to upgrade it because the installed one was not compatible with some Python ASN library which caused a weird error … (known issue, discussed on the impacket github page)
Then I used hashcat for cracking (on another box for performance reasons) rather than installing the ‘bigger version of john’.
But other than that, I only used kali tools.i also enjoyed this box - this example is a bit extreme of course, but in general it’s a really realistic misconfiguration. Sometimes it’s tricky to make special k******* configurations work, like delegation and including boxes on different OSs and several ‘hops’ … and you are super happy if it finally works at all. Then you probably don’t remove all your ‘test’ configurations and replace the ‘test’ password of these special accounts by something more secure…
What tool did you use to enumerate S** share?
What typical tool does one use to interact with the S * *?
Is there only 1 S * * version? or are there other versions of S * *?
What does a typical tool use as it’s default S * * version?