AD Enumeration & Attacks - Skills Assessment Part I

Hi everyone,
I’m stucked at Q4. Got the User and password from the SPN MSSQLSvc/SQL01.inlanefreight.local:1433 account. Now I don’t know how to get acces to MS01.
Thanks :smiley:

i have the same problem… can’t find an answer

Maybe you need to upload some tools. Somebody any hint for the last question of the AD Enumeration & Attacks - Skills Assessment Part I?

Hello, how did you get Powerview to work on the target ? i tried to upload the file but i can’t work with it, did you uploaded a different app? greeting

Hijacking this thread to ask if anyone can give me a hint on Question 6? I’ve found the username, but can’t find the clear text file containing the password anywhere. I’m not even sure I’m looking on the right box

Have no idea how I can read flag.txt on Admin’s desktop on MS01.
I connected with sql creds but can’t do nothing. Do not see any another creds. Looks like i’m digging the wrong way.

I am stuck here too - any hints on how to go about connecting to MS01?

You can use chisel and then xfreerdp to connect to MS01 directly from kali.

1 Like

Hello guys,

I was able to do a DCSync on the domain controller with the user hash, but did not find any clear text password, also, I am not able to crack the user hash. So, I fully compromised the DC and got all the hash but I am not able to finish the assessment because of this password.
Someone could give a hint where to look?

I cant find t***** user hash .
I can Connect yo ms01 via rdp with s****** user.

Any hint pls?

Hi I was also looking for the other users cleartext password for a long time! But I finally found it I think i scrolled over it more than 50x!! If you need any tips let me know!