I am trying to finish the kerberoasting chapter but I have absolutely no idea how to "After performing the Kerberoasting attack, connect to DC1 (172.16.18.3) as ‘htb-student:HTB_@cademy_stdnt!’ and look at the logs in Event Viewer." How do I connect to this address?
Hey, I am sorry but I have another question for you. How did you manage to make an ssh connection to the Kali machine or an smb connection to WS001? I couldn’t even do these. I only managed to connect as user bob with xfreerdp and that’s all. Even though I found the hashes of the service accounts using rubeus.exe, the smbclient command didn’t work and I couldn’t get the spn.txt. Could you please tell me how you did it?
You can connect using the following command to connect to SMB from your attack machine.
smbclient '\\TARGET_IP\Share' -U eagle/USERNAME%PASSWORD
Then use get spn.txt to download the file.
RDP from bob’s machine and use the given DC1 creds to connect.
Actually I tried the command written in the example (smbclient \\172.16.18.25\Share -U eagle/bob%Slavi123), however this is what it says “do_connect: Connection to 172.16.18.25 failed (Error NT_STATUS_IO_TIMEOUT)”
Secondly, the password “kali” doesn’t work for the ssh connection to attack machine kali.
You need to use the target IP address in the command, not the IP address of WS001.
I used xfreerdp for that and not ssh. It worked for me.
I SSH’d into the Kali box and then used crackmapexec to remotely execute the reg add command with crackmapexec’s -X flag.
After reading the comments above I still struggled to connect to DC01, so here is what I did:
- connect to the target as bob (as described for the first task)
- go to ‘Start → Windows Accessories → Remote Desktop’ and log in with the creds from htb-student
Hint: the keyboard layout sucks, so what I did is copy the ‘@’ from the password hashes and build up the htb-student password in the text editor to copy-paste it into the login dialog…