Password Attacks Lab - Hard

david is too complicated to brute force. Just get in the box and look at what you have access.

Don’t overthink. All challenges are straightforward. Just get the first username as you probably already know and use the ordered full mutated list as you learned from previous topics. Doesn’t need to install new tools also. Follow the teaching and you’ll get there.

I stumbled upon the same issue. You have to be careful with ftp when you download files in “ascii” mode (which is the default). Changing to “binary” mode and downloading the file did the trick.

Needed days to figure that out…

I had to change the timeout setting with smbclient to get it to work with Kali. It looked like this:

smbclient -U david \\10.129.202.222\david -t 60

how to download b*****.v** from smb client there is only read permission

Hi!
I read every post. Still cant bruteforce j****** password.
I did everything. grab the pw from resource, mutated. Tried with hydra, with cme, with crowbar (rdp mostly, but tried smb and winrm also)… and nothing. I also restarted the machine just in case.
Please help!

Used samdump2. It’s also available in the PwnBox.

Syntax:
samdump2 -o [OUTPUT FILE] [SYSTEM REG KEY] [SAM REG KEY]

Johanna password policy

  • 8 character (Numbers) with one special character

Finally finished this. I used John with these flags: --format=NT --rules

Hope this helps.

I was able to mount it and used the password I cracked using bitlocker2john but how do I properly read the files within that directory. do I just cat the files and dig through to try and find something?

if you have David’s credentials log into cmd using him and navigate to his files

No problem, message me if you solve this lab as I’m stuck shortly after the point you are at

Yeah I did that but can’t get any readable files, I possibly didn’t get the right password but I can’t get any other than 1********!

Is this what its supposed to look like?
image
when I “cat SYSTEM”
image

EDIT: I feel dumb I realised how to read the files by going back in the course.
Thanks @kossidohnat for the assurance that my password was right to go looking elsewhere

Thanks mate, I ended up realizing that, that’s why I did the edit :sweat_smile:. Took me long enough to figure that out.

I think I have the Admin pass L********* but I tried to use it on evil-winrm and its not working. is it me or the password is wrong?

Edit: I am a dur brain that is all. I thought i was connect through openvpn, but I never presssed enter ::smh::

Any hint for Johanna password, I’m using mut_password.list with crackmapexec on SMB and RDP without success. Can someone give a hint word of password or command for tool which he use ?

Hello, I am in the same situation. Have you resolved the issue?

Hello, I am using this command "smbclient -U david \\x.x.x.x\david but no luck.
mind giving me some hints, please?

If you’re able to RDP using Johanna and have David’s credentials try changing the user within that RDP session(hint open cmd as another user). I hope this helps