Active Directory - Skills Assessment I

plus,running Rubeus-1.5.0.exe kerberoast /outfiles:hashes.txt [/user:tpetty] [/domain:INLANEFREIGHT.LOCAL] [/dc:DC01.INLANEFREIGHT.LOCAL] i got many new users for the future steps

@stellar If you want to pass tools to MS01 you can use xfreerdp with the option “/drive:linux,/tmp”. This was explained in previous modules. I guess there are several ways to transfer files that work for this machine. This one worked for me.

To see the password you are looking for do as a colleague said above, making use of mimikatz or using crackmapexec with the --lsa option. This comment I put above. Read carefully the output of the command.

thank you for the suggestions,colleague, i will try to apply this option. Afterwards, with mimikatz or lazagne on, it will be fast. Meanwhile tried the .ps1 scripts execution bypass ,but nothing neither :wave:

I got the super duper secure tpetty password !!! with the xfreerdp , then copied the tools from tsclient to my svc_sql directory and ran mimikatz :dizzy: you boys are more logic but slowly I’ll learn!!whew :slight_smile:

1 Like