How to connect to DC1 Windows Attacks & Defence

i still getting same Sid (looking in security logs), sorted by time and checked but still same bro
can you share event ID?

Event ID 4769

1 Like

still no luck

First do the attack and then check the event log

ohh, thanks bro i will try that

thanks so much bro, got it
Note - whoever follow this conversation, to get the answer do the Kerberoasting attack first and then RDP to DC1 straightaway

1 Like

does need filter out the service name , i had try filter on Security , Event ID is 4769 , filter all the ServerSid to the file for easy to look but all that is wrong answer

oh nerver mind i got it

1 Like

I understand that for Kerberoasting and AS-REProasting there’s issues for connecting to the Kali VM. I had the same problem, but to sort it I carried out the first part of each section (using Rubeus) on the WS001 VM that is mentioned in the question. After that I connected to Kali using the details supplied in Coercing Attacks & Unconstrained Delegation in order to complete the Kali section.

More specific details: I copied the file contents of the outfile into notes on my own laptop, before recreating that txt file in the Kali VM. In order to do the second question of both, simply run the Rubeus on WS001 and then connect to DC1 and your results will be there without needing to use the Kali VM.

Hope this helps anyone that felt like they couldn’t complete the question because they don’t have access to Kali on their own device.

{EDIT} There is also extra IP addresses for the VMs located in the Overview and Lab Environment section - Completely missed this and it is probably the way you’re meant to do it.

Hey Liam,
I was wondering if you could help me out. The kali VM is not working for me either. I noticed that you mention to use WS001 VM for the AS-REProasting attack. I was successful in using that VM for the Kerberoasting, but when it comes to the AS-REProasting attack, i go to use hashcat and i the “passwords.txt” file is nowhere to be found. I assumed that it was on the kali box but some people seem to be successful. If you have any advice, it would be much appreciated! thank you

Hi, I see where your problem seems to be. I went to run the attack again using the credentials supplied in the overview but they did not work for me.

Instead, I would encourage connecting to Kali through the other credentials supplied; as previously mentioned “After that I connected to Kali using the details supplied in Coercing Attacks & Unconstrained Delegation in order to complete the Kali section”.

This way, the passwords.txt file will be in the home directory (the one you will currently be in when connecting).

Hope this helps!

1 Like

This makes sense. I would not assume one would have to jump ahead sections to circumvent that process, but otherwise, there would be no way. Very clever! Thanks again for your help.

i am having issue logging into the kali machine. i have tried the ip from the documentation on the previous page but cant not connect via ssh or xfreerdp. plz help

1 Like

did you solve this yet? if not let me know i figured it out

when solving these modules, 60-70% of the time is spent looking for workarounds how to connect to something etc…

After connecting to RDP you can get SID with CMD query, the name is provided in the question field.

1 Like

RDP-ception…

Anyway, this worked to RDP into DC-1.

I still can’t SSH into the Kali machine though…

Connecting to the lab machine and establish WS001 or kali box one at a time:

  1. RDP to WS001 and obtain the file using rubeus
  2. Using SMBClient as guided in the overview page of the module
  3. When the file is located in your host machine, close the connection with WS001
  4. Establish connection with kali as target generated from Coercing Attack page in this same module
  5. password.txt is located here, so we can retrieve the password.txt to our host using scp follwing this usage guide: How to copy files from/to a Linux VM
  6. may end connection to kali, and execute ripper or hashcat in your local

Just in case anyone can’t connect to more than one target at a time, this is what I did

1 Like

First RDP to bob then RDP DC1.

1 Like

same ■■■■

Hello Everyone

I also had problems connecting to the kali machine at first. Tried to scan the whole network using nmap but no other systems but ws01 were online.

The Problem is that you have to spawn the kali machine first and there is no button to spawn all the targets in the first few sections. However you can spawn Kali in later sections such as “Coercing Attacks & Unconstrained Delegation” as mentioned by @Liam Thanks!

Happy Hacking!

1 Like