Official Vintage Discussion

if you check the AD network you’ll find a very vintage looking computeraccount. I wonder if those have a inherent vulnerability?

Ive tried every tool to dump that password tho, nothing seems to work

Thanks for an interesting link. I’m still stuck. Any hint to log in as given user? BH doesn’t seem to work here.

Thanks

Enumeration should be your primary goal. Bloodhound works with the creds that are initially given.

1 Like

Ok, so probably I need to switch VPN, reboot machine, or think once again about my future… :wink:

Thank you very much!

1 Like

any hint on root?


good!

did you find any way to move forward , i am also stuck here only

anyone knows how to parse msds-allowedtoactonbehalfofotheridentity to human-readable?

Learnt a lot from this box… Finally PWNED it!!!

Thanks to @T33C33 and @olliz0r for the guidance…

DM me for nudges. Always happy to help…

Hi,

Since few days I’m trying to figure out why my bloodhound doesn’t work with given credentials.
I also tried to solve this using hints from @d5fa4lt .

Any ideas what am I missing?

Thanks

Edited:
Ok, BH worked. I was missing --dns param when I tried to use the tool. Next what I missed was: if you’re sure you’re doing ok - try again. In my case it worked after 4 time. :wink:

Good luck!

am playing catch up because busy with work, this box took me 5-6 days to do after family and work time, but it was a refresh of some windows priv escalation techniques that is always welcome! FUN #HappyHacking htb ctf #Hispagatos find us on #usenet newsgroups: alt.2600.madrid hispagatos.talk mastodon: fediverse address: @rek2@hispagatos.space matrix: @rek2:hispagatos.org #HappyHacking

Does anyone have a : KDC_ERR_S_PRINCIPAL_UNKNOWN
Commande :
└──╼ $netexec smb DC01.vintage.htb -u P.Rosa -p Rosaisbest123 -d vintage.htb -k --port 445
SMB DC01.vintage.htb 445 DC01.vintage.htb [*] x64 (name:DC01.vintage.htb) (domain:DC01.vintage.htb) (signing:True) (SMBv1:False)
SMB DC01.vintage.htb 445 DC01.vintage.htb [-] vintage.htb\P.Rosa:Rosaisbest123 KDC_ERR_S_PRINCIPAL_UNKNOWN

Hi,

Should I be able to connect to server as c***i user using evil-winrm?
Or not yet?

Hi @ShellSmasher

maybe try with less parameters? Are you sure this is the host you’d like to connect to?

Good luck!

you can configure evil to work with kerberos. And then evil in as N**** using TGT

1 Like

Hi @bedtimexv thank you very much for a hint! I will try it :wink:

I need help with privilege escalation because I’m getting an error when I ask for a kerberos ticket and I don’t know why.

Keep getting this when trying to remote in:
GSSAPI::GssApiError happened

Any ideas why?

Just started Vintage and having some issues even getting bloodhound to run collection. Just curious if there is something different I should already be doing on this step? I am getting an error saying it couldn’t connect to LDAP and to check creds however I am using the creds I was given. LOL