Password Attacks | Academy

Hi guys,
I’m at this question: Check the /tmp directory and find Julio’s Kerberos ticket (ccache file). Import the ticket and read the contents of julio.txt from the domain share folder \DC01\julio.
I really don’t know what to do, can anyone help me? You can even dm me if you pref.

Thank you, I solved it because of the path found in the demonstration. But if we didn’t have that, how do we get to that ticket? Since it doesn’t even have the extension we were using with the find tool

Can somebody help me reading the flag.txt of the last task?
when I open it I receive the mesage: “flag.txt” may be a binary file. See it anyway?

I have access to \DC01\linux01 and can see it via smbclient but there must be something wrong with the download.

smbclient //dc01/linux01 -k -c "get flag.txt /tmp/test.txt" -no-pass

It downloads it but I can’t open it.

Hi, I’m facing the same problem with the flag not accepting can you help?

Has anybody got crackmapexec working on the Pwnbox ?

I get dependency errors also when I build it from the source

Edit:

Managed to install it with these commands:

  • python3 -m pip install pipx
  • pipx ensurepath
  • pipx install crackmapexec
Please Any one help me out :-

Use the LINUX01$ Kerberos ticket to read the flag found in \DC01\linux01. Submit the contents as your response (the flag starts with Us1nG_).

    1. first connect to ssh to the target 
2. then there are keytab files so use python tool to decrypt passwords
3. su to that user with pass we got 
4. again same process but this time search carefully the keytab files are in crontab 
5. change the env variable and query the smb
6. now we are in another user acc we can sudo su
7. now we are root search care fully for kerbros tickets we will find them in /root/.k*/**

then exit because I was stuck here from 2 days if any one get last flag please help me by just giving hints :frowning:

Once you have transferred the file to your /tmp do the following commands:

  1. tr -d ‘\r’ < /tmp/test.txt > /tmp/test2.txt
  2. cat /tmp/test2.txt

#; The first command above converts Dos line endings to Unix
#; The output of the second command will contain the flag as a substring

did you manage to connect with rdp? I’m stuck with the same problem rn and kinda confused

EDIT: already got it, don’t know why this time had to be different

Hi all,

I’m currently stuck in the “Password Attack | Protected Files” section.

The task says “Use the cracked password of the user Kira and log in to the host […]” but I cannot find a password for Kira. Kira isn’t mentioned anywhere in this section and it feels like I’m supposed to reuse a password cracked in an earlier section of this module.

Could anyone please give me a hint as to where I can find the password for Kira’s account?

Thank you & best regards :blush:

hey, any hint on how did you get it?

Hi, did you solve it? I am stuck here too… I am in with kira but find nothing…thanks

I’m on the Skills Assessment - website. I’ve used Burp to get the Post form data. I’ve run the command to crack the password, and I get a success. But then the user name/password don’t work. I run it again, and it cracks a different password. I don’t know what to do.

$hydra -l admin -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -f 144.126.234.86 -s 32429 http-post-form “/admin_login.php:username=^USER^&password=^PASS^:F=<form name=‘login’”

It’s given me:

login: admin password: 123456789
[STATUS] attack finished for 144.126.234.86 (valid pair found)
1 of 1 target successfully completed, 1 valid password found

host: 144.126.234.86 login: admin password: 12345
[STATUS] attack finished for 144.126.234.86 (valid pair found)
1 of 1 target successfully completed, 1 valid password found

host: 144.126.234.86 login: admin password: iloveyou
[STATUS] attack finished for 144.126.234.86 (valid pair found)
1 of 1 target successfully completed, 1 valid password found

just put a file with Loveyou1 and make mutation with this…

Guys, anybody cracked root pass? Im stuck… i use mutated password and nothing

Hello, Can someone help me to solve the skills assessment - Med lab?
I found jason ssh password, but I could not found nothing after ssh login.
What should I look for? Thanks.

I’ve done all the modules up to here with no problems. But now I’m really stuck at Use the LINUX01$ Kerberos ticket to read the flag found in \DC01\linux01. Really how this module is written it really is a cluster f… Everything I try doesn’t work properly . error after error. I’m really at the point of quitting this whole certificate path.

There is a difference in user ticket and computer ticket, try to use the ticket associated with the question :wink:

1 Like

I did it!!! Thanks for the tip :+1:t2:

1 Like

Don’t quit either, just try a different view on things to get you back on track. The satisfaction of success should be the motivator.

1 Like