ACTIVE DIRECTORY ENUMERATION & ATTACKS - Miscellaneous Misconfigurations

HTB Content Academy
,
1

Hi There,

Anyone have any issue submitting their answer for Active Directory Enumeration & Attacks - Miscellaneous Misconfigurations question 2?
So far I have:
Identified user through both Kerbrute (using jsmith user list) and PowerView.
Checked against ADUC to confirm Kerberos preauth is not required for the identified user
krb5asrep hash grabbed through both GetNPUser.py and Kerbrute
Cracked hash through both hashcat and john (same answer)
Apparently wrong answer. There are no other users found to asreproast.
I get the same hash password as the module example. Anyone else had this issue? I’ve tried multiple times

Many Thanks

2

Never mind, poorly worded question suggests you provide the answer for the second user and not the original user from the first question

3

You completed this?

I have a problem with living off the land and question “Utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the answer”

I used a net and qsquery with filters commands

I found users: jessica, krbtgt. Guest

please help

6

Did you also get this question?
What domain user is explicitly listed as a member of the local Administrators group on the target host?

1 Like
7

Hi did you get any hint regarding this question?

8

I was facing same issue, the key is attribute argument

9

It’s weird as question but they mean a “real person name” if you can find one in the list.
You can use a net cmd that gives info about the group needed.

10

I found it, you can also use net commands but it will take a little more digging. :slight_smile:

11

i have the same problem… idont get it what filter attribute etc i need… :frowning: Please somebody help…
“Utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the answer”

12

It was hella worded poorly. It could’ve just said now that you found the user from the previous answer do blah.

15

It’s also possible to get the answer to the last question of Living off the Land with CME by sifting through the output:

crackmapexec smb 172.16.5.5 -u forend -p Klmcargo2 --users

16

The question was poorly written. Pay attention that they mean the user you found in the first question

18

-attr description