Password Attacks | Academy

I tried, but it does not work.

Need tips on PASSWORD ATTACKS - Protected file. I tried to brute force FTP and SSH but no luck.

Hello! Sorry if my question is already a part of a discussion somewhere. I am actually stuck at the last question of “Password Attack - Network Services”: Find the user for the SMB service and crack their password…?
What I have done:
1- Used MSF to get the as SMB3 is in play, and obtained 4x users and passwords.
2- Only one user has read and write access to 1x share directory (same name as the user name).
3- I tried to access the share folder with smbclient but I received errors.
4- So I tried to access it with MSF and the psexec exploit. It was also inaccessible/not working, as this user has no access on admin$.
5- Tell me how to get access to the flag the proper way…
Note: I already have the flag through some other attack vector on the target, so the flag is not the issue… my issue is learning… that is what we are here for.

How are you supposed to use the resources wordlist on pwnbox? This module is so stupid, literally 0 learning.

Yeah, I found the user, I also found the hash for Linux01, but was not able to export it or use it as it was giving me some error. Instead I used an account which is part of domain admins to connect and access the place for the flag, but this is probably not the intended way to get the flag.

Guys who are just starting the module and are stuck brute forcing an account, I would like to note that the brute force process can sometimes be unreliable.
If you are using the correct lists and it doesn’t work, just change the tool or retry again.

It is not very clear for the Password Reuse section, but you have all you need in the page body to solve it. No brute. RTFM is our destiny.

This has definitely been the worst module I have done on this platform so far. Idiotic tasks, slow machines and only frustration. Really bad, no learning opportunities because I knew most of the stuff before, but still had problems with the tasks.

Ya, and it works with me, thanks.

Has someone found a way?

Allelujah, thank you.
I got to reinstall it even after pip install, but god knows why, it worked :smile:

I found these copies, but from them I only get sam. How do I get root?

You use the tool impacket-secretsdump on the backup files to extract hashes. Then you can use a tool like John the Ripper to crack the hashes. One of those hashes is for a high privilege user.

  1. Download the usernames & password lists from “Resources” (You can find it at the top right of the page).

  2. After you download the zipped “PW-Attacks” file, unzip it (obviously lol) and use whatever tool you like to brute-force the “SMB” service.
    (I personally used the MSFconsole module auxiliary/scanner/smb/smb_login.)
    Don’t forget to set the username.list & password.list in the module options.

  3. You should find 4 credentials.

And that’s it!
Happy Hacking :smiley:

It will take 10-15 mins to crack the SMB service using the hint.

■■■ BRO THANKS I WAS RUNNING THIS COMMAND FOR 3 HOURS

root@linux01:~# kinit -k -t /etc/krb5.keytab LINUX01$@INLANEFREIGHT.HTB
kinit: Keytab contains no suitable keys for LINUX01INLANEFREIGHT.HTB@INLANEFREIGHT.HTB while getting initial credentials

DIDN'T REALISE IT WAS JUST LINUX01$

Hey, idk if you solved it yet, but the problem is that you are using an expired ticket. Always look at “Valid” and “Expires”; in your case it's expired since 10/07/2022, so you need to use julio’s 2nd ticket.

I’m in but I can’t find the correct flag!

I used kinit for the keytab file for linux01 and it worked, but I’m accessing the wrong directory or idk,
because the flag is incorrect.

:slightly_smiling_face: Yaaaa, finally done.
Note… read everything.