Password Attacks Lab - Hard

Thanks for the info @god_f3lla . Just wondering if you/ anyone else can give me another tip, I have the S** file and just trying to get the three H*** files the H****** one’s from the S**. What do you use to extract them? thanks!

You have to extract both s** and the sys*** file. impacket-secrect will be helpful. :wink:

1 Like

Hi all ! can someone give me a boost. I can’t find where to apply credits d****. stuck here

Thanks this works to me very quickly

Did you get the help or figured it out?

yes i did it

Did you get it ? because its been 6 hours seen i started to brute force johanna’s password and got nothing, and the target IP need to be reset because the time its over. i just got a password for SMB but johanna doesnt have access to the shares so what can i try :expressionless:

I discover the cme -M rdp option, gonna try with that

Hi . you found joanna’s password?. now log in with him by rdp

yes, i used the -M rdp option with cme it took a while

Hey can you DM me, I have no idea how to extract these ! I’ve already mounted the VHD drive but i’m stuck now

Hello everyone,

I have been on the Password Lab - Hard for quite a long, I am really feeling lost. I have successfully bruteforce johanna RDP credential and with xfreed connected.

I legit checked almost everything in johanna but I can’t find anything. I have tried lazanga.exe nothing, winPEASany.exe got a lot of interesting files when to check nothing. I am lost. can anyone help me please, I am getting tired of this module. :frowning:

Thank you all

I have managed to crack the keepass and I found david password, although when I am trying to RDP over to david is not working, then I went to check the smb server and I got a backup.vhd file which I don’t know how to read it I assume it might contain some juicy info… am I on the right track, what am I missing? Please any help!!

It was stressful but it feels good when you find a way on your own. :slight_smile:

Hi Ludovictor,

Did you manage to find a solution?

How did you mount the Backup.vhd file?

No need for help got it working :slight_smile:

yes I manage, I used the Pnwbox instead of my machine and everything went fine haha !!

1 Like

Hello, I have been progressing very well, but I am stuck getting the .vhd file.

I cannot download it from the host machine via smbclient. I can connect just fine to the share but when I try to get the file it gives me an error “parallel_read returned NT_STATUS_IO_TIMEOUT”.

I tried troubleshooting this and made modifications to my smb.conf file to make sure that I can connect to NT1 shares, yet I still cant download the file.

I haven’t seen anyone else say anything about this. I was able to get the other file on smbclient no problem.
Not sure what is stopping this…
Any help ?

So I used the Parrot Machine and was able to download it. Working through how to mount it now… I am still very confused as to why I couldn’t download the file on my Kali VM though…

Was able to finish the module with no real problems. Really just don’t understand why I couldn’t download the vhd file on my Kali machine. Any one can take a guess?

how do you mount the vhd? I must be missing something because no way that i’v tried works. Is it encrypted? I don’t think it is??

It is encrypted, follow the Academy Instructions.

Here is your answer: how to mount it on Linux.

All the information to solve this lab is what you have learned, exempt for the part of mounting a encrypted image drive on linux…but we have Google for it.

The steps are:

1.) Use always the resources given for brute-force ( and build a new custom password list as shown in the lab “custom.rules”.

2.) Once you brute-force Johanna, look for files and keep cracking (Keepass, Backup.vhd, SAM, etc.).

Use Hydra, John, Hashcat, Impacket or your favorite tool to do the task. You can also use external resources as or to try crack some hashes while you are cracking in you machine.

We do it because we love it…THIS IS FUN STUFF!

PD: I always look for the file hash when I upload or download (md5sum, sha256sum) to be sure that the file is not corrupted on transit.

you can see the resolution in the following youtube video, but I do not recommend it, you can only see it if you feel very frustrated and do not think you can move forward.

1 Like

Do You have link to this video? Thanks!!!

How can I transfer the file Logins.kdbx from windows to my linux machine?
I tried many methods from the “Transfer Files” Module, but it dont work…