I’ve been encountering a challenging issue for the past two days and could use some guidance. Here’s what I’ve accomplished so far:
However, I’ve hit a roadblock. I’m unable to self relay onto the IP address 172.16.119.70.
The main issue is that none of the relays I’ve captured seem to have command execution capabilities, nor do they have the ability to write on shares on any of the hosts. This has left me at a standstill, and I’m unsure of the next steps to take.
Could anyone provide some advice or point me in the right direction to resolve this? Any help would be greatly appreciated.
It took me like a couple or three days to solve this skill assessment, so here go some tips for people struggling in the future.
Whenever you are stuck with relaying NTLM, remember what you can do by checking the road map from Hacker Recipes: Road map image.
The first time I saw this image, it was confusing for me, but after completing the following sections I understood what it meant.
Question 2:
What @halfluke said is key: review the Advanced NTLM Relay Attacks Targeting AD CS section.
Question 3:
I do not understand how @Patota was able to obtain the password of user sqlftp before finishing question 2, since, at least as of October 9, 2024 and the way I have solved it, question 3 is a continuation of question 2 and is not independent.
Question 4:
Is much easier than question 2, but in case you’re struggling you might want to review the Farming Hashes section, taking advantage of what you have achieved with question 3.
Hi friend, I’m new to this platform and I’m stuck on the second question. I tried the ESC8 attack and it wasn’t successful. Can you give me some tips?
I don’t know how to send a DM.
@Patota ,
Hi friend, I’m new to this platform and I’m stuck on the second question. I tried the ESC8 attack and it wasn’t successful. Can you give me some tips?
I don’t know how to send a DM.
[*] Attempting to trigger authentication via rprn RPC at 172.16.119.3
[-] An unhandled exception has occured. Trying next host:
[-] [Errno Connection error (dc01.inlanefreight:445)] [Errno -3] Temporary failure in name resolution
Hey there friend.
It’s been a while since I resolved this lab, so I barely remember it.
However, look at your error message, the last line precisely. It seems to be related to the DNS service.
Have you correctly configured the DC’s hostname and FQDN and the domain’s name in your /etc/hosts file?
If you’ve done that, try to perform a manual DNS request. If it fails, maybe there is an issue with the lab, so try restarting it. But if it still doesn’t work, it may mean that whatever you’re trying isn’t the way to go.
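Added example (not part of any post in this thread): a small Python check for the hosts-file question above. It pulls the name that failed to resolve out of the quoted tool output and looks it up in hosts-file text. The two hosts files are constructed samples and the function names are hypothetical; the only values taken from the thread are the quoted output lines.

```python
import re
import socket

# Tool output as quoted in the thread.
TOOL_OUTPUT = """\
[*] Attempting to trigger authentication via rprn RPC at 172.16.119.3
[-] [Errno Connection error (dc01.inlanefreight:445)] [Errno -3] Temporary failure in name resolution
"""

# Constructed samples: one hosts file maps only the short name,
# the other also maps the exact name the tool tried to resolve.
HOSTS_SHORT_ONLY = "127.0.0.1 localhost\n172.16.119.3 dc01  # lab DC\n"
HOSTS_FIXED = "127.0.0.1 localhost\n172.16.119.3 dc01 dc01.inlanefreight\n"

def failed_names(output):
    """Return the host names found in 'Connection error (host:port)' lines
    that end in a name resolution failure."""
    pat = re.compile(r"Connection error \(([^:()\s]+):\d+\)\].*name resolution")
    return sorted({m.group(1).lower() for m in pat.finditer(output)})

def parse_hosts(text):
    """Map every name and alias in hosts-file text to its address.
    Comments are stripped; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        addr, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), addr)
    return table

def diagnose(output, hosts_text):
    """For each failing name, return the hosts-file address or None if unmapped."""
    table = parse_hosts(hosts_text)
    return {name: table.get(name) for name in failed_names(output)}

def resolves(name):
    """Live check through the system resolver; None when resolution fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

if __name__ == "__main__":
    print(diagnose(TOOL_OUTPUT, HOSTS_SHORT_ONLY))
    print(diagnose(TOOL_OUTPUT, HOSTS_FIXED))
```

A short-name entry alone does not cover the dotted name the tool used, which is why the first sample reports it as unmapped.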