Official Certified Discussion

Official discussion thread for Certified. Please do not post any spoilers or big hints.

Is anyone else having a hard time with Pywhisker? Or am I going the wrong way? Thanks!

Go with a different tool that can do the same, you’re going the right way

1 Like

Thanks for the info. Mind sharing the name of the tool? All tools that I found are for Windows usage, I didn’t find anything else from UNIX besides pywhisker . Thank you!

Pwned!! Anyone needs help feel free to DM.

3 Likes

certipy has a module for that type of attack

1 Like

Thank you very much! :slight_smile:

same here mate

For anyone having difficulties with pywhisker using pipx with latest commit:
You can checkout a previous commit and use pywhisker like this.
git clone GitHub - ShutdownRepo/pywhisker: Python version of the C# tool for "Shadow Credentials" attacks
cd pywhisker
git checkout c4ecf41
do_something_here

This works without any issues. You can also try other tools that does the job. pipx install is suffering right now for recent changes, this may save you from wasting time.

3 Likes

Hello all! :wave: Just got home and started the box, and also hit a wall with this tools and this was the way I resolved my last issue:
For people running blackarch etc. and have a MD4 error, follow these instructions:

Happy Hacking! :computer: :black_flag:

I don’t remember seeing a banner on top of my screen the 1st time I started this box, but for peeps whom may have missed this CRITICAL piece, here’s the banner

As is common in real life Windows pentests, you will start the Certified box with credentials for the following account: judith.mader / judith09

5 Likes

Ok just in time for dinner! spend more time fixing tools and creating my own tools in rust than exploiting the box but ohh well fun overall #HappyHacking - Owned Certified from Hack The Box!

Should I crack the hash before use pywhisker? Mine show that is empty or I have no permissions

Anyone that used certipy and managed to pwn the box for some help? ive been trying for hours with no luck

Any directions for the initial foothold? I am focusing on LDAP tho…

where this info is located? I don’t see this

After obtain de ccache to the user how do i connect? I tried wmiexec, psexec, evil winrm. Any help?

BloodyAD

You can also obtain the NTH**h instead

Check bloodhound