Official Administrator Discussion

HTB Content Machines
66

Ahh try evil-winrm :slight_smile: psexec is only good if you have admin creds

67

Can Michaelā€™s hash be cracked by Hashcat? It returns no results.

Edit
Oh I get hash again.

68

Any hint after get michael credential?

69

All the people lost in the process, it is all about AD.
If something feel odd, go back to Bloodhound and will tell you how to procede.

1 Like
70

sudo ntpdate 10.x.x.x(IP DC) or administrator.htb (DNS only will owrk if you add the hostaname to /etc/hosts). Run this command at leat 2 times I dont know why sometimes does not work at first

71

yeah im lost, been at this all day and I cant get anything to work, I have to be missing one small thing thats causing it all not to work. If anyone could give suggestions it would be great. Gonna check back when I wake up.

72

what you need bro?

73

Anyone else getting errors like socket ssl wrapping error: [Errno 104] Connection reset by peer when trying to poke around for initial foothold with the provided credentials? Canā€™t tell if thereā€™s an issue with my tools or if this is by design due to some setting on the target.

74

Guys, I poked around on Bloodhound, and I got Michael and Benjamin users starting from Olivia. I cracked the password of some sort of password management stuff, but I donā€™t know how to use it. I did some spraying but nothing. At this point the path seem clear to me, the Em user to Eth user to Admin, but I cannot get Em user, any hint? I searched for any type of connection based on the users I already owned but Iā€™m stuck.

75

Iā€™m having an issue with this as well. Got a hash but rockyou isnā€™t, well, rocking today with either hashcat or john.

76

after you cracked the file and enter in password management, the password is already in clear text. You can follow this comment right here Official Administrator Discussion - #43 by MEGAZORDII

1 Like
77

Any tips or hints for this one?

78

this one what, bro?

79

Try get hash again, I do it and get another hash and crack it very quickly

80

Daaamn, I donā€™t know why I forgot I cracked a password management database. LOL. Thanks for the hint.

1 Like
81

Continuing the discussion from Official Administrator Discussion:

Hello, i got the root flag. But somehow i didnā€™t see the userflag.
Can someone give me a tip where to look, or is it in the same as root.txt?

82

Finished! That was so much fun and I felt well-prepared for it especially following Certified. For user, I was a little surprised I needed to do something that normally, in my experience, is frowned upon at HTB as it can mess with others targeting the same target VM as you. I looked for other ways around this but, after sanity-checking it with someone else who had finished it and learning it was actually required for this target, I moved right along at a good pace. Root was pretty easy after everything Iā€™d done to get to that point. :smiley:

83

Turns out I must have been at a different place than you were, looking at a hash for a different account. Thatā€™s why it wasnā€™t working.

85

Is it possible to kerberoast over evil-winRM? I keep getting this error:

Exception calling ".ctor" with "1" argument(s): "The
NetworkCredentials provided were unable to create a Kerberos credential, see inner execption for
details."

Iā€™m starting to wonder if this is the right approach for lateral movement from the olivia user?

86

Really liked this box. If youā€™re enumerating AD thoroughly with the usual AD tools it will be a breeze! Feel free to pm if you need a nudge!