In this module: Login To HTB Academy & Continue Learning | HTB Academy

It says: Retrieve the TGS ticket for the SAPService account. Crack the ticket offline and submit the password as your answer.

The lecture shows a technique that uses, in which you need the DC ip, and valid credentials to a SPN account so you can retrieve a list with all the rest SPN.

The problem is that the exercise does not provide any credentials to carry out this credentialed technique.

Second, the domain name is not provided either.

The only thing I have gotten is the IP of the DC using nmap. I assume that this is the IP of the DC because it is the only living machine that has appeared.

I have tried to assume the domain name of the network in the example, which is

also assuming that the user of the credentials that is provided to me is an spn. -dc-ip INLANEFREIGHT.LOCAL/htb-student

asks for the password. I write “HTB_@cademy_stdnt!”, which is the user’s password, and it is wrong.

use the forend account

ran into the same issue, there are no credentials for the forend user.

if anyone has trouble with this module, what user on that module page has creds? :wink:

the credentials were in the introduction of the module, where it presents a narrative (we were encommended to pentest X company etc)

the required cred is located in this page : # Credentialed Enumeration - from Linux