Official Administrator Discussion

I can help

Hey WhiteCar Congrats on solving the box!
I was just wondering if you could help me as I’m stuck trying to get both flags. I have made progress to the point on cracking ethan’s hash but to do that I need emily’s password which I’m unable to find. I was going to look at blodhound but is was being weird with my pwn box. Could you please point me in the right direction on how I could get emily’s password or how I could approach it in a different way?
Thank you!

Zzac, I’ll give you a small hint. You have Backup.psafe3 and password (psafe2john and then use john). Read about psafe3 extention and PasswordSafe tool. This tool can help you.

1 Like

Thank you WhiteCar for your hint I appreciate it :smiley:

1 Like

I ran bloodhound but I see error when bloodhound finishes any idea? Can someone please suggest what can I do?

I’ve cracked the password but spraying doesn’t show this password valid for list of users I have. Please suggest, next step.

Got stuck trying to get from Michael to Benjamin - bloodhound says I should be able to do something but I keep getting access denied.
What am i missing?

-edit: for some reason it only worked with a particular python tool not on the pwnbox by default

got root after that one hiccup.
Bloodhound is your friend

Bloodhound > Bloodhound > more bloodhound :rofl:

I’ve got this trying to do kerberosting :
[-] CCache file is not found. Skipping…
[-] Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)

it’s like I cannot do kerberosting, I don’t understand

Time, time, time! Time is your enemy! :wink:

Read posts above - you’ll get this.

Good luck!

1 Like

It works now, but it’s weird because I tried the same solutions yesterday and it didn’t work. I guess maybe you was right, try many times hh.

1 Like

Hello all. I was able to log into FTP and can see the file I need but I am getting access denied when trying to “get” the file via FTP. Not sure what I am doing wrong?

Any hints on obtaining and cracking the file that is found via FTP? I can log in with the user, see the file in their FTP directory but I am not able to download it as I get permission denied.

Great box! Love AD! DM if anybody needs help with this

Here’s a few hints. Use the hound!!! Keep them clocks in sync! Google the file type you find and how to break into it. That’s pretty much the foothold, user and admin right there.

Look at Hacktricks and go to their FTP section. There’s a one-liner you can run to download the file you’re talking about. If you have the right user, you’ll be able to download it no problem. It’s a simple wget command. Once you download it, Google the software that uses the file type and you’ll find there’s a common password cracker we all know of that has a module just for this type of file.

Thanks for the response. I did change the password to a couple users as found in bloodhound but I actually did try the wget command from hacktricks using both of the new users that I was able to successfully change the password to and no luck. I also confirm that I was able to successfully login via FTP with the one account that had ownership over the appropriate group to make sure that the password change actually worked and was the new password I set it to.

Gonna DM u

Hi, I have had a problem for several days and every time I restart the box, I am always stuck in the same place, which is Emily’s password and every time, I have the same result for the hash, I tried with different software but always the same result and always the same problem, does anyone have a clue or solution to get through this step? Thank you in advance for your answers

2 Likes

Hi, I’m at the stage of evil.
I have enum with winpeas and look around… I have not found anything.
Would appreciate a hint! Thanks :face_in_clouds:

I have the same problem, I have cracked the content that is in FTP of pswsafe and there is no way to access the password that you get, that is, it does not let me access the emiliy winRM, it is impossible, it tells me that the password is not correct and it can not be because jhon the ripper is getting it right. I don’t know what to do anymore.