Help me with windows attack & defense PKI-ESC1

Connect to the Kali host first, then RDP to WS001 as ‘bob:Slavi123’ and practice the techniques shown in this section. What is the flag value located at \\dc1\c$\scripts?

Hi, I’m stuck on this part and I can’t go on; I don’t understand how things work. After creating the certificate cert.pem on the ws001 machine with certificate.exe, they suggest converting the file to a .pfx, but it’s not explained how I should do it with the Kali. The documentation only shows a couple of scripts to convert the file, but I don’t understand how I should pass the file from the ws001 to the Kali and back again once converted. Please help me :pray:

Do smbclient from Kali, just type smb, the command is already prefilled. I got stuck after transferring the file to Kali, can’t convert it. If you can, please let me know.

Save the certificate by just copy-pasting it into a txt file on the Kali, then run the commands to convert it, first this one `sed -i 's/\s\s\+/\n/g' cert.pem` and then this `openssl pkcs12 -in cert.pem -keyex -CSP "Microsoft Enhanced Cryptographic Provider v1.0" -export -out cert.pfx`. Once you convert it, you can transfer the file to the other machine. Hope this will be helpful.

Thank you, it worked.

Hello.

How can I RDP to WS001? I tried to ping WS001.eagle.local to find the IP and RDP to that address, but I failed. It says the trust between computers failed.

Please help.

The IP of the ws001 should be 172.16.18.25 if I remember… When you open the attack machine, search in the start menu for “Remmina” and use it to connect to the machine via RDP.

Thanks. I already solved it. I asked because the connection was failing. HTB says to wait 10 minutes when connected to the target machine to load settings.

Hello, I tried to use the

`sed -i 's/\s\s\+/\n/g' cert.pem` and then this `openssl pkcs12 -in cert.pem -keyex -CSP "Microsoft Enhanced Cryptographic Provider v1.0" -export -out cert.pfx`

However, I got this error: No supported data to decode. Input type: PEM

What should be the format inside the cert.pem file?

Hey @josemmm11, I’m still getting the error trust between computers failed. How did you solve this?

Contact HTB support and explain the error to them to get support.

Best regards

Same here :melting_face:

Finally got it: the machine is just not stable, reload it until the error stops appearing :smiling_face_with_tear:

Hi there, I got this error “could not read private key from -in file from cert.pem” Does anyone else have it? I’m really stuck in here :pray:

Do you mean resetting the machine?

For those struggling with the error “could not read private key from -in file from cert.pem”

Make sure to copy the section from the BEGIN RSA line to END Certificate

**Go to Save as cert.pem. MAKE SURE the encoding is UTF-8** (Default is UTF-16, which can cause the error)
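
A pre-flight check for the pasted cert.pem covering the causes named in this thread (UTF-16 encoding, an incomplete paste, blocks collapsed onto one line), as an added example that is not part of any post here. The function names `pem_preflight` and `pem_unflatten` and the verdict words are hypothetical; the `awk` line has the same effect as the thread's `sed` command.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a cert.pem pasted from another machine before
# running "openssl pkcs12 -export" on it. Prints one verdict word and
# returns 0 only when the file looks convertible.
pem_preflight() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 1; }

    # UTF-16 files start with a byte-order mark (ff fe or fe ff);
    # openssl cannot decode them as PEM.
    bom=$(od -An -tx1 -N2 "$f" | tr -d ' \n')
    case $bom in
        fffe|feff) echo "utf16"; return 1 ;;
    esac

    # The paste must run from the BEGIN RSA line to END CERTIFICATE.
    grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$f" || { echo "missing-key"; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || { echo "missing-cert"; return 1; }
    grep -q -e '-----END CERTIFICATE-----' "$f" || { echo "truncated"; return 1; }

    # A BEGIN marker that shares its line with other text means the paste
    # collapsed the line breaks into runs of spaces.
    if grep -e '-----BEGIN' "$f" | grep -qv -e '^-----BEGIN [A-Z ]*-----[[:space:]]*$'; then
        echo "flattened"; return 1
    fi
    echo "ok"
}

# Turn every run of two or more blanks back into a line break, writing the
# result to a second file so the original paste is kept.
pem_unflatten() {
    awk '{ gsub(/[ \t][ \t]+/, "\n"); print }' "$1" > "$2"
}
```

A verdict of `utf16` means re-saving the file as UTF-8; `flattened` means running `pem_unflatten cert.pem fixed.pem` and checking the result again.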

I get a message when I execute Rubeus:
[!] Unhandled Rubeus exception:

System.Security.Cryptography.CryptographicException: The specified network password is not correct.

I think it is because when I execute openssl in the previous step it needs a password to be entered: what is the password? I don’t understand.

If you get this error, it is because you are setting a password; just press Enter twice when it prompts you for a password to avoid this. I wish they said it within the reading.

Hello everyone,

I wanted to know if anyone could give me the flag contained in \\dc1\c$\scripts.

As you may know, HtB is really lame on the CDSA machines and I just cannot complete the exercise. It’s easy as s***: I connect to the kali machine from the pwnbox via RDP, I run 1 cmd and get disconnected for 10 minutes. I reconnect again, I run xfreerdp on the kali machine so that I can access the second target machine, I get disconnected again. After that, I just run xfreerdp again and again on the 2 machines and I just never have the timeframe to run the commands because both machines (kali and WS001) crash one after the other.

HtB is unhelpful and when I explain to them that I am using their Pwnbox, they suggest that I “change my internet connection” or extend the timeout of xfreerdp.

So far, it is the only flag I did not get. I managed to screenshot the result from Certify.exe, and after I manually retyped the WHOLE f****** cert + rsa key, it doesn’t work (I must have made a typo but I just do not want to go through it again, it took me more than 1 hour).

If a kind soul passes here, or simply an HtB guy able to fix my problem… Thank you in advance.