AD Enumeration & Attacks | Academy

Hi, I made this topic to help each other with this big module.
Can someone give me a hint about ACL enumeration? How did you get the objectacetype of the first right?

Hi there, did you ever figure this out? I’m stuck at the same place and would appreciate any help.

PS C:\Users\htb-student> cd c:\tools
PS C:\tools> Import-Module .\PowerView.ps1
PS C:\tools> $sid = Convert-NameToSid forend
PS C:\tools> Get-DomainObjectACL -ResolveGUIDs -Identity * | ? {$_.SecurityIdentifier -eq $sid} -Verbose

Everything would be fine.
But this command freezes, ((((

Command seems to be slow or unresponsive for me as well. I’ve tried the BloodHound way of enumerating this and I can’t seem to get the right answer.

Replying myself because I found the right answer. If you use Bloodhound to gather the answer you will have to do a bit of googling to get the right answer.

I received a response through the command
But I didn’t run it through PS, but through cmd.exe and I waited for a very long time until it worked out to the end, at the very very end of the command output, an answer will be waiting for you))

Thanks for the tips. I also found that running the above series of commands in the Powershell ISE environment on the lab server, works. It takes about 30min to completes the scan but all other methods froze for me except this. Like Darcia mentioned, the answer will be at the very end of the output.

Thanks @Smi77y6i9 . I have run the commands from PoweShell ISE and after waiting several minutes I get the answer.

Hello, guys. I am trying to connect to SQL01 with mssqlclient.py
mssqlclient.py -p 1433 SQLEXPRESS/n****:'D***_****_******'@SQL01 -windows-auth
but receiving Temporary failure in name resolution. Could somebody tell me what I am doing wrong?

That was frustrating! The command did eventually work but I assumed it had frozen. I would love to know how you found it with Bloodhound, DM if you remember please. Thanks!

I would add grep for powershell goes very handy

I have the same problem as everyone here :slight_smile: Unfortunately I get no response from PowerShell or even ISE and Bloodhound just so.

I have found rights but the wrong ones, can someone help me with Bloodhound, please DM me

Ok this my kind contribution for the last answer. Did this with bloodhound because the command are not responding at all (freezed)

  • Just follow the steps showed at this section (about bloodhount)
  • You will find the clue you need between forend and gpo managment (all is in the material)
  • Combine the question with what you get from bloodhound and google it
  • You will find what are you looking for and that’s it

S…-M…

Good luck!