Official Scrambled Discussion

Very good machine… it was a little challenging for me because I don't have that much experience with the language and technique used for the PE part. Thanks @VbScrub for the excellent challenge, I've learned a LOT from it… (also thanks for the article explaining the basis for this exploit; I still have some questions, but I will try to answer them myself :slight_smile:)

As for the hints, I think that the post from @InfosecGreg contains all the information that you need…
However, if you get stuck, feel free to drop me a PM.


I have been away from HTB for a while, so I have been going through and doing as many as I can to catch up. All was going well until this box lol. I had a lot of trouble with this, as I was learning the material for the first time as well as dealing with broken tools. I would suggest that if you have access to a Windows VM, you follow @VbScrub's videos on the topic using Windows as the attack OS. In the end, that's what I ended up doing.

Stuck! Well, I have everything I need, I'm certain of it. Wireshark, debug, verbose… hours later and nada. This feels like I'm looking at the solution and not seeing it for the forest. Also, the tools that are supposed to work show in Wireshark that they are definitely not doing as instructed. A kind nudge in the right direction without spoiling it would be greatly appreciated. On a side note: Active, Forest, Outdated, PivotAPI, Sizzle, Fuse.

Anyone willing to PM to help out? Please? :smiley:

Anyone who was at this “Invoke” part: can you PM me? I have got stuck.

Got a valid and needed ticket, but Kerberos SessionError: KDC_ERR_S_PRINCIPAL_UNKNOWN (Server not found in Kerberos database).

I have learned to validate the tools I used better. LOL

I also missed the PAC at first. Those little needful things along the route.

Finally! Loved this box! Been wishing for some serialz fun. There's also another avenue of attack which is not possible with the common tools, but is hinted at via a certain tool's module output.

I'm not sure what I'm doing wrong. I'm impersonating a low-priv user and I have their ticket, but I'm not able to contact the machine using ldapsearch.

Should I be using a different tool instead? I peeked at the write-up and it's using ldapsearch as well, but I get “Server not found in Kerberos database”.

Not sure if it's a technical issue or a me-issue. Either way, a nudge would be a great help. I'm at a standstill right now. I can't tell if GSSAPI is failing or if it's something with DNS. I don't know what's happening.

Request: (screenshot not preserved)

Response: (screenshot not preserved)

Command: (screenshot not preserved)

/etc/hosts: (screenshot not preserved)

krb5.conf: (screenshot not preserved)

I seem to be getting a new issue that’s different from what other people are seeing. I continuously receive an error related to SSL routines, in spite of all of the documented changes I have tried as linked above. Any advice on how to resolve this issue…?

I have tried setting up a virtualenv for Python using Python 3.8, reinstalled Impacket, and modified tds.py, openssl.cnf and GetUserSPNs.py, all still coming up empty on my end.
