Official discussion thread for Certified. Please do not post any spoilers or big hints.
Is anyone else having a hard time with Pywhisker? Or am I going the wrong way? Thanks!
Go with a different tool that can do the same, you’re going the right way
Thanks for the info. Mind sharing the name of the tool? All tools that I found are for Windows usage, I didn’t find anything else from UNIX besides pywhisker . Thank you!
Pwned!! Anyone needs help feel free to DM.
certipy has a module for that type of attack
Thank you very much!
same here mate
For anyone having difficulties with pywhisker using pipx with latest commit:
You can checkout a previous commit and use pywhisker like this.
git clone GitHub - ShutdownRepo/pywhisker: Python version of the C# tool for "Shadow Credentials" attacks
cd pywhisker
git checkout c4ecf41
do_something_here
This works without any issues. You can also try other tools that does the job. pipx install is suffering right now for recent changes, this may save you from wasting time.
Hello all! Just got home and started the box, and also hit a wall with this tools and this was the way I resolved my last issue:
For people running blackarch etc. and have a MD4 error, follow these instructions:
Happy Hacking!
I don’t remember seeing a banner on top of my screen the 1st time I started this box, but for peeps whom may have missed this CRITICAL piece, here’s the banner
As is common in real life Windows pentests, you will start the Certified box with credentials for the following account: judith.mader / judith09
Ok just in time for dinner! spend more time fixing tools and creating my own tools in rust than exploiting the box but ohh well fun overall #HappyHacking - Owned Certified from Hack The Box!
Should I crack the hash before use pywhisker? Mine show that is empty or I have no permissions
Anyone that used certipy and managed to pwn the box for some help? ive been trying for hours with no luck
Any directions for the initial foothold? I am focusing on LDAP tho…
where this info is located? I don’t see this
After obtain de ccache to the user how do i connect? I tried wmiexec, psexec, evil winrm. Any help?
BloodyAD
You can also obtain the NTH**h instead
Check bloodhound