@seiyathesinx said:
can’t manage how to use john to do the job
You might need a bigger version of John.
So getting root on Active was surprisingly difficult for so few points. The hints here are useful and the tips people gave me were invaluable.
It turns out a lot of the problems were linked to the versions of software I had running. The best suggestion I can give about that is if you try something which should work but gets error messages, google the messages. You might find out it is a known problem and using version 0.9.18-dev or the Magnum version solves it.
@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.
Enjoy
impacket was installed but I needed to upgrade it because the installed one was not compatible with some Python library which caused a weird error … (known issue, discussed on the impacket github page)
Then I used hashcat for cracking (on another box for performance reasons) rather than installing the ‘bigger version of john’.
But other than that, I only used kali tools.
I also enjoyed this box - this example is a bit extreme of course, but in general it’s a really realistic misconfiguration. Sometimes it’s tricky to make special k******* configurations work, like delegation and including boxes on different OSs and several ‘hops’ … and you are super happy if it finally works at all. Then you probably don’t remove all your ‘test’ configurations and replace the ‘test’ password of these special accounts by something more secure…
@kekra said:
@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.
Enjoy
impacket was installed but I needed to upgrade it because the installed one was not compatible with some Python ASN library which caused a weird error … (known issue, discussed on the impacket github page)
Then I used hashcat for cracking (on another box for performance reasons) rather than installing the ‘bigger version of john’.
But other than that, I only used kali tools.
I also enjoyed this box - this example is a bit extreme of course, but in general it’s a really realistic misconfiguration. Sometimes it’s tricky to make special k******* configurations work, like delegation and including boxes on different OSs and several ‘hops’ … and you are super happy if it finally works at all. Then you probably don’t remove all your ‘test’ configurations and replace the ‘test’ password of these special accounts by something more secure…
What tool did you use to enumerate SMB share?
@nullsession0x said:
…
What tool did you use to enumerate S** share?
The one you already mentioned above… that you said you used to no avail… it worked well for me.
[Edited… was perhaps a spoiler].
@nullsession0x said:
@kekra said:
@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.
Enjoy
impacket was installed but I needed to upgrade it because the installed one was not compatible with some Python ASN library which caused a weird error … (known issue, discussed on the impacket github page)
Then I used hashcat for cracking (on another box for performance reasons) rather than installing the ‘bigger version of john’.
But other than that, I only used kali tools.
I also enjoyed this box - this example is a bit extreme of course, but in general it’s a really realistic misconfiguration. Sometimes it’s tricky to make special k******* configurations work, like delegation and including boxes on different OSs and several ‘hops’ … and you are super happy if it finally works at all. Then you probably don’t remove all your ‘test’ configurations and replace the ‘test’ password of these special accounts by something more secure…
What tool did you use to enumerate S** share?
What typical tool does one use to interact with the S * *?
Is there only 1 S * * version? or are there other versions of S * *?
What does a typical tool use as its default S * * version?
Finally got root, learned some new tools, and that I should pay attention to the command line args.
HT to nullsession0x who helped show that I was on the right track after all
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.
Enjoy
This helps me a lot bro. Thanks
Finally rooted.
I got the hash out of the x** file, but can’t find a tool that will recognize it for cracking. Anyone want to give me a hint on what to crack it with. I can see that if I can get it cracked I should be able to access some other directories where the file was.
@n0bf said:
I got the hash out of the x** file, but can’t find a tool that will recognize it for cracking. Anyone want to give me a hint on what to crack it with. I can see that if I can get it cracked I should be able to access some other directories where the file was.
Google a bit on the field name where you got the hash and you should get your answer. If not let me know, I’ll send you a link.
Rooted, awesome learning experience for me, this is the second windows server I root, so a lot of things were new. thanks!
got the password pretty quickly then moved to find where to use it. did some real-world pentesting techniques to get usernames. found the principal of the matter but need to crack it and hashcat and john don’t recognize the format.
update: Thanks to @Rantrel and @kekra I am now crackin’. Pay attention to the modes!
update: rooted.
best real-world box so far i think.
@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.
Enjoy
There’s one, not listed, that I used for initial entry… but telling means spoiling. I didn’t have to install it and the process is quite straightforward and fast.
Rooted, nice box with awesome privesc! Thanks to creators!
having trouble with the initial foothold. I assumed everyone was referring to anon login for *mb but I haven’t been able to access… I’ve tried smbclient, nullinux, rpcclient, NSE scripts and even metasploit. I’ve tried enumerating everything I can think of.
Any hint in the right direction would really be appreciated
@xplo8 said:
having trouble with the initial foothold. I assumed everyone was referring to anon login for *mb but I haven’t been able to access… I’ve tried smbclient, nullinux, rpcclient, NSE scripts and even metasploit. I’ve tried enumerating everything I can think of.
Any hint in the right direction would really be appreciated
You mentioned one of the tools that I used to initially get in. Check your syntax and target share.
BTW, I didn’t need to privesc in order to obtain the root.txt. The tools mentioned in this thread worked. I did, however, spend too many hours trying to figure out how to crack the hash via JTR. I finally just installed hashcat on my host machine per a recommendation here.
Just a suggestion if anyone gets stuck where I was stuck for a while.
Got user, thanks @Rantrel
Anyone want to give me a hint on root?
@xplo8 said:
having trouble with the initial foothold. I assumed everyone was referring to anon login for *mb but I haven’t been able to access… I’ve tried smbclient, nullinux, rpcclient, NSE scripts and even metasploit. I’ve tried enumerating everything I can think of.
Any hint in the right direction would really be appreciated
You don’t need an exploit. Think how you would mount a Windows partition on a Linux system.