Active any hints

Got user.txt, got admin h***, but I’m stuck here. Usual tools will not accept it.

I have all the things for user but I cant make progress. If you want to help, pm

Hey guys, I got de G*****.*ml file now I am trying to crack de password, but no success, I am trying to use hashcat and john the ripper. Can you give me any hints ? Thanks!! Feel free to PM.

Rooted ! Awesome box

Anyone available to help me out with an issue? I’m not able to load a certain ticket using M******* and I’m not sure why it’s happening.

I too am stuck trying to crack the acquired hash from this box. I’ve used several popular long lists but without any success. Can someone offer a hint?

EDIT: I got it - after reverting I pulled hash again and it was a totally different value. The actual default hash on the box is easy to crack.

I can’t seem to get I******t to work for getting root could some one PM me and give me some help

After several days of struggling, finally got root !
This was awesome for me without Windows background.
If anyone need some help, PM me.

Hi all

I have user.txt and understand that I need to use a technique called ‘k******ast’ to grab a hash of a password via the *** ticketing process but I can’t get the first step.
Everything I look at - such as enumerating to get the ‘SP name’ needs to run on the target machine.
I have tried connecting a remote PS session using the credentials I used to get user.txt but that doesn’t work either - any tips?
Thanks
Poe

@poe said:
Hi all

I have user.txt and understand that I need to use a technique called ‘k******ast’ to grab a hash of a password via the *** ticketing process but I can’t get the first step.
Everything I look at - such as enumerating to get the ‘SP name’ needs to run on the target machine.
I have tried connecting a remote PS session using the credentials I used to get user.txt but that doesn’t work either - any tips?
Thanks
Poe

Hey bro, try to use Impacket to do this job, in this forum there are a lot of good hints about it.

I’m having problems with h****t i think i have all the parameters good but getting false positives i think.

Edit: nvm, rooted, i also forget how to read.

Nice box, just got ** ROOT ** Nicebox @eks & @mrb3n.

Can anyone nudge me with privesc? I am using g***T.py and it keeps saying the identity is an unrecognized argument yet without typing that it says domain is required.

I just learned a lesson the hard way…sometimes the tools don’t act the way other people’s tools do. I had everything lined up, knew what I was doing, but for some reason the tool I was using to get to the PRINCIPAL of the issue output everything except for the most important thing that goes into a cracking program. However, I looked at the arguments again and I could REQUEST what I wanted to go to the hard drive. Worked like a charm.

I hope this helps someone. Got user easy and root figured out once I got the tool glitch figured out.

P.S. Once I got root.txt, I verified this with a friend and his program gave him what he wanted, mine didn’t. We have exact same version and all. So keep that in mind when getting answers from here :wink:

Hi got root finally, learned so much about widows machines, thanks for people who encouraged me @UrielYochpaz .

Hi, I’ve got user.txt but cannot crack it with hashcat. Any hint would be appreciated.

Hey guys! I am stuck at getting the user… I managed to get the anon login to Replication share but I could not find anything interesting there and I can’t seem to do much there. Am i looking at the wrong thing? Any hint would be appreciated!

@areyou1or0 said:
Hi, I’ve got user.txt but cannot crack it with hashcat. Any hint would be appreciated.

That’s your code for the machine, no need to use hashcat.

Keep getting KRB_AP_ERROR_SKEW(CLCOK SKEW TOO GREAT") when running the “REQ” arg with I*****. How can I get passed this, something with time or version or what’s up? :slight_smile: I know we changed to daylight savings time where I live, does that affect things?, lol

Got user and now onto root.
Thanks @lemarkus