ACTIVE DIRECTORY ENUMERATION & ATTACKS - Miscellaneous Misconfigurations

Hi There,

Anyone have any issue submitting their answer for Active Directory Enumeration & Attacks - Miscellaneous Misconfigurations question 2?
So far I have:
Identified user through both Kerbrute (using jsmith user list) and PowerView.
Checked against ADUC to confirm Kerberos preauth is not required for the identified user
krb5asrep hash grabbed through both GetNPUser.py and Kerbrute
Cracked hash through both hashcat and john (same answer)
Apparently wrong answer. There are no other users found to asreproast.
I get the same hash password as the module example. Anyone else had this issue? I’ve tried multiple times

Many Thanks

Never mind, poorly worded question suggests you provide the answer for the second user and not the original user from the first question

You completed this?

I have a problem with living off the land and question “Utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the answer”

I used a net and qsquery with filters commands

I found users: jessica, krbtgt. Guest

please help

Did you also get this question?
What domain user is explicitly listed as a member of the local Administrators group on the target host?

1 Like

Hi did you get any hint regarding this question?

I was facing same issue, the key is attribute argument

It’s weird as question but they mean a “real person name” if you can find one in the list.
You can use a net cmd that gives info about the group needed.

I found it, you can also use net commands but it will take a little more digging. :slight_smile:

i have the same problem… idont get it what filter attribute etc i need… :frowning: Please somebody help…
“Utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the answer”

It was hella worded poorly. It could’ve just said now that you found the user from the previous answer do blah.

It’s also possible to get the answer to the last question of Living off the Land with CME by sifting through the output:

crackmapexec smb 172.16.5.5 -u forend -p Klmcargo2 --users