Official Certified Discussion

This information was amazing, I was stuck with this problem. How did you figure this out ?

Certified pwned
feel free to dm for help

yo, any hint for root ?

Search for insecure misconfigured certificate templates.

no matter what request I make with neo4j I receive : “NO DATA RETURNED FROM QUERY”

You must use certipy to search misconfigured certificate templates.

1 Like

Guys, I’ve got access to ca_operator but I can’t get from bloodhound what to do next. Can someone give me a hint?

Ok finally rooted the machine. Thanks to @aftershockman for the hints :pray:
Feel free to DM if you need help.

What wordlists did you used to crack the management_svc krb5tgs hash?

Do you always need to crack the pass?
Just asking… :wink:

Good luck!

Thank you all for the tips!

I have the same problem did you manage to solve it ?

Hi Guys. I’m in trouble with PE. I have a management_svc cred but i can’t go forward. Any hints for me?

Thx to @Paintester I can pwned the machine Thx!

Is ntpdate what you missed? I’m getting the same error, and ntpdate doesn’t help it

nevermind, shimmied back and forth between ntpdate and ntpd -gq and it suddenly worked…?

Probably. :wink: In my case it was working after 3 or 4 try.

just use faketime , it’s honestly life saving whenever ntpdate isnt working

Finally did it!
Nice box!

I have to be missing something super simple but I can’t seem to make any further progress on this box. I have been able to modify the permissions and members needed to the group, I have been able to request a ticket and obtained an NT Hash… Not sure where to go from there. I am not sure how to use the new access/permissions to gain access to the machine.

unable to get root flag. tried everything, but unable to privesc. any hint pls??