note the name of the backup file you got initially. Search on ways to exploit that popular service, especially on which exploit methods that can use those two files you split out from the .p** file.
2 Likes
Rooted!!
Good Windows machine for sure with good refreshersā¦at least for me. Kudos to @ctrlzero
1 Like
Have root something to do with powershell? s**_****** doesnāt have admin rights and it cannot install missing powershell module for LAPS. I have some trouble with crackmapexec and I didnāt find passwords for other accounts. Can someone give me some direction?
From what you are saying, you are on your way there. I can only say to forget about crackmapexec and similar stuff. Think about what you were thinking about through your local enumeration, before you moved to the access you are relying on right now. If you enumerated that first access (yeah iām trying to be slightly vague), repeat the processā¦you donāt need admin rights if you know what I mean.
Well, yes, youāre very vague. Maybe youāre telling a story. 
hey, I tried to! 
DM me if anything.
I got all the usernames with MSF6 sc#####/smb/smb_########
Admi######
G####
krb###
and more usernames im trying crackmapexec with rockyou.txt and no luck
and no luck loging as Guest
finallyā¦ root
wow, brain totally scrambled, lots learned, respect to @ctrlzero
3 Likes
Ok. Iāve found zip file, I extract and convert the p** to c** and k**. So, now Iām looking for user, because the only method that Iām thinking to use (e***-w****) needs user and password (even with Āt and Āy files). Iām trying to enumerate users through the basic like smb and ldap, but not success. If someone want to exchange tips feel free to dm me :Ā)
i met it too,try with john --show
i met too, it asks me for PEM pass , and i donāt know what it is
Before to do what you want, with the same tool that you are trying to crack, search to alternatives that will help you with the initial extension of file youāve found.
tks, i think iāve find my mistake.
I should input the password by keyboard rather than cv
Need some help with priv esc. Got s**_******. I am not able to run SharpHound on the machine for some reason. My guesses are that there is a file somewhere or the account priv is exploitable. Hoping to get a hint of some sort here. 
Any nudge on how to get foothold? never do windows machinesā¦
itās a more modern Windows OS, so your mileage may vary with enum4linux. However, just looking at your output, guest is enabled so a good first step would be to see what you can do with that. Couple that with port 445 being open and you can get the party started 
FWIW, I was able to complete the entire challenge using linux (Kali).
DM me if you get stuck.
2 Likes
are you logged in the S**_****** user or do you need creds for that user?
run āstringsā on the .p** file.