Got user.txt, got admin h***, but I’m stuck here. Usual tools will not accept it.
I have all the things for user but I cant make progress. If you want to help, pm
Hey guys, I got de G*****.*ml file now I am trying to crack de password, but no success, I am trying to use hashcat and john the ripper. Can you give me any hints ? Thanks!! Feel free to PM.
Rooted ! Awesome box
Anyone available to help me out with an issue? I’m not able to load a certain ticket using M******* and I’m not sure why it’s happening.
I too am stuck trying to crack the acquired hash from this box. I’ve used several popular long lists but without any success. Can someone offer a hint?
EDIT: I got it - after reverting I pulled hash again and it was a totally different value. The actual default hash on the box is easy to crack.
I can’t seem to get I******t to work for getting root could some one PM me and give me some help
After several days of struggling, finally got root !
This was awesome for me without Windows background.
If anyone need some help, PM me.
Hi all
I have user.txt and understand that I need to use a technique called ‘k******ast’ to grab a hash of a password via the *** ticketing process but I can’t get the first step.
Everything I look at - such as enumerating to get the ‘SP name’ needs to run on the target machine.
I have tried connecting a remote PS session using the credentials I used to get user.txt but that doesn’t work either - any tips?
Thanks
Poe
@poe said:
Hi allI have user.txt and understand that I need to use a technique called ‘k******ast’ to grab a hash of a password via the *** ticketing process but I can’t get the first step.
Everything I look at - such as enumerating to get the ‘SP name’ needs to run on the target machine.
I have tried connecting a remote PS session using the credentials I used to get user.txt but that doesn’t work either - any tips?
Thanks
Poe
Hey bro, try to use Impacket to do this job, in this forum there are a lot of good hints about it.
I’m having problems with h****t i think i have all the parameters good but getting false positives i think.
Edit: nvm, rooted, i also forget how to read.
Can anyone nudge me with privesc? I am using g***T.py and it keeps saying the identity is an unrecognized argument yet without typing that it says domain is required.
I just learned a lesson the hard way…sometimes the tools don’t act the way other people’s tools do. I had everything lined up, knew what I was doing, but for some reason the tool I was using to get to the PRINCIPAL of the issue output everything except for the most important thing that goes into a cracking program. However, I looked at the arguments again and I could REQUEST what I wanted to go to the hard drive. Worked like a charm.
I hope this helps someone. Got user easy and root figured out once I got the tool glitch figured out.
P.S. Once I got root.txt, I verified this with a friend and his program gave him what he wanted, mine didn’t. We have exact same version and all. So keep that in mind when getting answers from here
Hi got root finally, learned so much about widows machines, thanks for people who encouraged me @UrielYochpaz .
Hi, I’ve got user.txt but cannot crack it with hashcat. Any hint would be appreciated.
Hey guys! I am stuck at getting the user… I managed to get the anon login to Replication share but I could not find anything interesting there and I can’t seem to do much there. Am i looking at the wrong thing? Any hint would be appreciated!
@areyou1or0 said:
Hi, I’ve got user.txt but cannot crack it with hashcat. Any hint would be appreciated.
That’s your code for the machine, no need to use hashcat.
Keep getting KRB_AP_ERROR_SKEW(CLCOK SKEW TOO GREAT") when running the “REQ” arg with I*****. How can I get passed this, something with time or version or what’s up? I know we changed to daylight savings time where I live, does that affect things?, lol
Got user and now onto root.
Thanks @lemarkus