KERBEROS ATTACKS : Skills Assessment

Can someone please help me with the below challenge or point me to the correct the redirection?

What's the content of the file: \\DC01\Secret Share\flag.txt?

I am monitoring the ticket with .\Rubeus.exe monitor /interval:5 /nowrap on Server01$ (unconstrained delegation) but looks like I am missing something.

1 Like

I could use help on this as well, not sure what I am missing here but I cannot figure out how to access the share. Thanks!

I got it… make sure to open your powershell as admin. And renew the ticket

1 Like

Try using the command type \\DC01\Secret Share\flag.txt at your computer’s command prompt to view the contents of the flag.txt file located in the Secret Share share on the DC01 server.

I am running rubeus and after rebooting several times there is a user called jake. Did you solve it using the jake user or was there an other user?
thanks

did you ever figure it out? the user jake is not a domain admin and i tried the printer bug, that didnt work either.

nothing works i even used ptt with mimikatz but they user jake.kirk doesnt have the proper permissions

Update: got the flag, it is a simple case of overcomplicating of my side.
Leaving the hints below for the future, and a non-technical one: don’t think privesc, think access.


Seems that I got stuck here as well:

  • RDPing into SERVER01 as Annette.
  • Running PS as admin, firing up Rubeus on monitor.
  • Using SpoolSample to coerce DC01 to authenticate.
  • Nothing’s captured on Rubeus aside from jake.kirk, which is non-privileged.

Anyone knows what am I missing?