Monteverde

isma · January 11, 2020, 6:20pm

Starting the thread. 40 minutes left, good luck everyone

sx02089 · January 11, 2020, 6:22pm

?

0ri · January 11, 2020, 7:06pm

hi

brueh · January 11, 2020, 7:52pm

could somebody please lend me some gtx1080 for those hashes

0ri · January 11, 2020, 7:59pm

but how did you get those hashes?

0ri · January 11, 2020, 8:00pm

could you please give a hint on a specific service?

brueh · January 11, 2020, 8:04pm

impacket again…
but no chance to crack them…

0ri · January 11, 2020, 8:06pm

did you use kerberos attack?

brueh · January 11, 2020, 8:21pm

‘Do not require Kerberos preauthentication’ set (UF_DONT_REQUIRE_PREAUTH).

rewks · January 11, 2020, 8:21pm

I don’t know what stage you’re at but there is no cracking required to get user

0ri · January 11, 2020, 8:23pm

actually? so impacket isnt necessary?

0ri · January 11, 2020, 8:23pm

actually? so impacket isnt necessary?

lukeasec · January 11, 2020, 8:40pm

User is fairly easy, also remember that as per ‘machine submission rules’ no heavy cracking should be required on HTB, only common passwords are accepted; if you see a hash, it either can be cracked in minutes or it’s useless.

but I am really hoping this box is not all about A**** for root…my head hurts already

0ri · January 11, 2020, 8:41pm

but what script from impacket have you used? can’t figure it out

knuijsting · January 11, 2020, 8:50pm

my scripts from impacket are giving errors.
did not had that before rolling to python3.
i have users… but thats all.
and yes i did a git pull

n2h · January 11, 2020, 8:52pm

congrats @splintercode That’s insane how fast you did it

rewks · January 11, 2020, 8:55pm

@lukeasec said:
but I am really hoping this box is not all about A**** for root…my head hurts already

If it is and you figure it out, give me a shout - I’ve been going through the docs and some on-box files for over an hour and come up with nothing

n2h · January 11, 2020, 9:00pm

Type your comment> @rewks said:

@lukeasec said:
but I am really hoping this box is not all about A**** for root…my head hurts already

If it is and you figure it out, give me a shout - I’ve been going through the docs and some on-box files for over an hour and come up with nothing

That’s where I am for user…lol

robotrIP · January 11, 2020, 9:02pm

Type your comment> @madhack said:

my scripts from impacket are giving errors.
did not had that before rolling to python3.
i have users… but thats all.
and yes i did a git pull

I think I may know what you’re talking about. Had a similar issue after doing an update.
If this is your error:

Traceback (most recent call last):
File “xxxxxxx.py”, line 334, in
logger.init(options.ts)
TypeError: init() takes no arguments (1 given)

then edit out this line from the script:

Init the example’s logger theme
logger.init(options.ts)

Hope this help!

ctlfish · January 11, 2020, 9:04pm

Type your comment> @madhack said:

my scripts from impacket are giving errors.
did not had that before rolling to python3.
i have users.. but thats all.
and yes i did a git pull

If you are using kali and have the packages installed it will conflict with your libs from master and make all the scripts in the repo real sad. I don’t remember ever installing the package so it might be worth a double check.

https://github.com/SecureAuthCorp/impacket/issues/446

You can set PYTHONPATH to the repo base; I think I ended up doing both.

HTH

edit: replaced awful workaround with link to issue and more sane workaround.

P.S. when this bit me I got the same traceback and the steps in linked issue or PYTHONPATH fixed it for me