Password Attacks Lab - Hard

Hello CrimsonTiger,

Thank you very much.
You made my week!!

1 Like

I got the johannas password and was able to connect with rdp now how do i transfer the l****.k*** to my linux to use john and crack the file

I agree. I did the same …

you’re welcome - GitHub - csb21jb/ADautomator

Thank you. I wish I had seen this 5 hours earlier lol

Finally completed Password Attack Module :face_holding_back_tears: :sob:

1 Like

Anyone that can do a sanity check would be greatly appreciated. I have been working on getting johanna’s password with no luck using crackmap, hydra and crowbar. Hitting it for rdp with the mutated pw list created by the custom.rule file in the resources against the password list.

I’m getting nothing. Do I need to mutate the list differently or use different resources maybe?

Thanks in advance

use crackmap exec smb with the mut_password.list

1 Like

Thanks Ali88!
I think that I was on the right path but having some latency and dropped packets. Your feedback is saving me a lot of frustration. Thank you very much!!

1 Like

Were you able to get the pass?

Crackmap exec with smb & mutated pass list is correct

Any hint on how you gound the admins pass? I cracked the backup.vhd file and got a pass that doesn’t seem to work. 1233456789!

No, I had to push away for work. I’m going to hit it again tomorrow.

crackmapexec smb 10.129.202.222 --shares -u Johanna -p mut_password.list

make sure to change the ip to yours

Fantastic. Thank you so much.

I have been back and forth on rdp and smb. I might have missed ‘–shares’ in my command. This is very helpful to keep from floundering if the process was timing out anywhere.

You are absolutely awesome. Thanks again!

1 Like

I had the same problem, but by adding this option " -m SMB2 ", I was able to connect from my kali

Password Attacks Lab - Hard
Examine the third target and submit the contents of flag.txt in C:\Users\Administrator\Desktop\ as the answer.
Hey guys i am stuck in this section, they said that there is user named Johanna. I am able to bruteforce and able to find the password for johanna and i am logged into RDP. there i got a File named Logins.kdbx i tranfered that file to my machine using FTP. and i used keepass2john and got hash for that file. I am trying to bruteforce with the passwordlist which is provided in resources, from yesterday i am stuck in this phase. I even tried mutating the password list with custom rule provided in the resources alos tried rockyou.txt. Thankyou for any help!x

I think you need to look at hashcat wiki for the specific hash mode.
The syntax should be hashcat -m 400, but use the correct one for your hash.

hey, brother.
With smbclient I’m getting this error
smb: > get Backup.vhd
parallel_read returned NT_STATUS_IO_TIMEOUT
smb: > getting file \Backup.vhd of size 136315392 as Backup.vhd SMBecho failed (NT_STATUS_INVALID_NETWORK_RESPONSE). The connection is disconnected now
Can anyone help me?

hey, brother.
With smbclient I’m getting this error
smb: > get Backup.vhd
parallel_read returned NT_STATUS_IO_TIMEOUT
smb: > getting file \Backup.vhd of size 136315392 as Backup.vhd SMBecho failed (NT_STATUS_INVALID_NETWORK_RESPONSE). The connection is disconnected now
Can anyone help me!