Official Vintage Discussion

Try using Kerberos authentication :slight_smile:

Looks like there was an additional entry I needed in my /etc/hosts file. Once I added the second entry I was able to enumerate with Bloodhound. :slight_smile:

Hmmā€¦Been staring at this Bloodhound output for awhile now and have a couple ideas but not sure how to go about executing things.

If you get stuck with bloodhound, donā€™t forget to edit the /etc/resolv.conf and add the nameserver for the hostā€¦ jeeez I was stuck with errors for a while before I solved that partā€¦

Iā€™m kinda stucked:

  • User P.Rosa can only enumerate through LDAP.
  • Bloodhound shows she has no capabilities to do anything to anyone.
  • bloodhound shows no sensitive info of any other user for lateral movement.
  • In the attack surface I have only got two non crackeable hashes.

Any hint or help on how to continue?

Does your Bloodhound reveal anything else? Potentially a vintage computer name which has a vulnerable credentialsā€¦ :eyes:

1 Like

bloodhound-python say it can not resolve FS01.vintage.htb.
does any have any idea?

Does anyone know why when trying to get the GMSA Password with netexec,ldap,gMSADumper or similar does not work but with AD-bl00dy does?

I have the same issue, canā€™t seem to find a solution for itā€¦ Restarted the box and my own system. No luck so far.

does anybody has same issue as me when running evil-winrm

malloc(): unaligned fastbin chunk detected

It was pretty annoying. What I did was using evil-winrm as less as possible for privesc an rely on Linux tools.