Attacking Enterprise Networks - Lateral Movement (Share Hunting)

Hello,
I’m stuck at Share Hunting (Attacking Enterprise Networks | Lateral Movement) where i should use “crackmapexec” with the spider_plus module to dig around and i always get the same error (STATUS_LOGON_FAILURE):

command@HTB$ sudo proxychains crackmapexec smb 172.16.8.3 -u ssmalls -p Str0ngpass86! -M spider_plus --share ‘Department Shares’

[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.14
[proxychains] Strict chain … 127.0.0.1:8001 … 172.16.8.3:445 … OK
[proxychains] Strict chain … 127.0.0.1:8001 … 172.16.8.3:445 … OK
[proxychains] Strict chain … 127.0.0.1:8001 … 172.16.8.3:135 … OK
SMB 172.16.8.3 445 DC01 [*] Windows 10.0 Build 17763 x64 (name:DC01) (domain:INLANEFREIGHT.LOCAL) (signing:True) (SMBv1:False)
[proxychains] Strict chain … 127.0.0.1:8001 … 172.16.8.3:445 … OK
[proxychains] Strict chain … 127.0.0.1:8001 … 172.16.8.3:445 … OK
SMB 172.16.8.3 445 DC01 [-] INLANEFREIGHT.LOCAL\ssmalls:Str0ngpass86! STATUS_LOGON_FAILURE

I would appreciate any suggestion/help!

1 Like

i solved it :
Go rdp back to the DNN machine and upload powerview.ps1 and use it to change password of ssmalls user

What to do if I Import Power View but the commands does not work? (Set-DomainUserPassword,)

I attempted to pass to my attacked machine multiple files of powerview.ps1 but even if they load I do not get to use the command Set-DomainUserPassword,
Any Idea what to do?

I had this issue, I removed the module (Remove-Module -Name “BitsTransfer”), deleted the file, the reuploaded it and started over.

1 Like