Hi everyone!
I succeeded to enumerate two users using rpcclient where a ‘jason’ is among them.
However, I still have no success to get a valid jasons’ password via crackmapexec bruteforcing using a provided password wordlist from Resources as well as to download without authentication READ ONLY file from smb share .
(get id_rsa returns: ‘NT_STATUS_ACCESS_DENIED opening remote file …’).
I some confused, what have I do next. Please give me a hint how to move ahead.
3 Likes
You’ll need a domain for it, or you can use -d
4 Likes
Thank you very much my friend!
I don’t know how much time I would spend without your hint as the --help command does not describe this option as well as this section.
2 Likes
For anyone looking for this in the future, use the –local-auth flag
8 Likes
Hi everyone,
Can anyone tell me where de password’s wordlist are? The only ones i found are in /usr/share/… but i can’t understand where is the resources.
Thank’s
Hi, look closely in the hack the box web interface (top right of the page).
1 Like
Thanks for your help - I’m sure this isn’t even in the course material?!? how helpful of htb
Can anyone explain why --local-auth is required here? Only when authenticating to a domain joined machine using plain text password??
1 Like
thank’s a lot gingerwood !
How did you find the domain?!
1 Like
Run Enum4linux