I need help to find the users cleartext passsword, secretsdump.py needs password of the user and i dont have one. Any one can help?
You should have obtained the password in the module just before the DCSync module. It was an answer to one of the questions. However, I canāt even get secretsdump.py to even run with the right password and IP address set. It just displays āCleaning upā then ends. No output file anywhere to be found 
Hmm, I am stuck at this oneā¦ tried to run admin powershell as adunn with netonly then load mimikatz and tried to dcsync it didnāt work. Tried to set-up a tunnel with chisel to run secretsdump.py and it didnt work. Tried to do it with secretsdump.exe and it didnāt workā¦ Also, the module says to RDP to 10.129.228.87 (ACADEMY-EA-MS01) ,10.129.180.120 (ACADEMY-EA-ATTACK01) with user āhtb-studentā and password āAcademy_student_AD!ā - and is unclear at all because the other host is not working.
1 Like
did you get it eventually?
I am also stuck here. How do you get the RDP to work on the ATTACK01 host? Is that supposed to be our base attack system inside the network like in previous modules?
Hey man, itās been some days since I finished this machine and I really forgot all the steps. But I think I eventually got it working after restarting it a couple of timesā¦
Hope you got it too!