I don’t understand who went through Johanna’s password, who capitalized it, who started with a small letter.
How should I do it right in the end?)
It doesn’t matter, I’ve already figured it out)
I don’t have any loop files in my /dev/ folder?!?!?
I am stuck at the part of this lab where I have to transfer a file from the RDP session I have open to my pwnbox. I have no idea how to transfer the L******.**** file over to my pwnbox to complete the next step.
I have tried using all of the upload options from the file transfer module but still can’t get anything to work.
Any help with this would be awesome here.
I have to be honest, I’ve tried that and this led me to run in circles for a few hours. In the end I realized that this tool provided me with the wrong hashes.
To avoid people getting stuck in this I’d recommend using secretsdump.py from impacket.
impacket-secretsdump -sam [SAM FILE] -system [SYSTEM FILE] LOCAL
I got the password from the B******.*** but I don’t know what to do with it from here. Anyone have any hints?
Same issue. Could you help me with some hint? I hashed the password 1***********! but when I try to mount, the password doesn’t work(
Initial access RDP — Fast forward —
The files found in the resources: password.list, custom.rule
hashcat --force password.list -r custom.rule --stdout > mutated_passwords.list
crowbar -b rdp -s 10.129.202.222/32 -u johanna -C mutated_passwords.list
2024-11-07 03:44:42 RDP-SUCCESS : 10.129.202.222:3389 - johanna:1231234!
xfreerdp /v:10.129.202.222 /u:Johanna /p:12***34! /cert:ignore
It takes a long time just to get the initial access
I believe it’s no big deal to fast forward it.
Please add the following at the beginning of your mutated_passwords.list, so you will gain the RDP password quickly:
1231234
123546
123123123
1231234!
123!123!
Understand and then use!!
If you are getting this error:
CMD: losetup -P /dev/loop100 <your_file.vhd>
Error: losetup: /dev/loop100: failed to set up loop device: No such file or directory
Run the command below to check loop devices available to you:
ls /dev/loop*
Then you can use an available loop device, and if you need to use loop100, you can manually create it with the command below:
sudo mknod -m 660 /dev/loop100 b 7 100
sudo chown root:disk /dev/loop100
Note: You can replace 100 with any number as long as it doesn’t overlap with existing devices.
To load loop automatically:
echo 256 | sudo tee /proc/sys/dev/loop/max_loop
Did you get a solution to this?
For anyone still struggling with this after getting the vhd file: to crack the password for BitLocker, use the command:
bitlocker2john xxxx.vhd > xxxx.hash
Then use your favourite cracking tool to crack the password. From there you should be able to continue.
Tip: If you’re using a Windows host, then instead of trying to mount the drive in Linux, do it in Windows by going to Disk Management > Action > Attach VHD, and specify the file path to the vhd file. (Make sure to click on any white space if you find the ‘Attach VHD’ option greyed out)
Hope this helps!
Hi, could someone explain why hydra doesn’t work for Johanna and RDP? I wasted 3 days using it, and 5 min using crowbar. Also, crackmapexec gives me an error using smb -M RDP (RDP [-] ACTION option not specified) when I don’t want an action, just to brute force it. ncrack is the same: even testing it with a password list with 5 passwords, the correct one at the end, it shows nothing and it took 10 min to try just 2 passwords. I already have the password, but that’s not all; I want to learn why this behaviour happens and learn from my mistakes.
Hi, I did it with:
hydra -l Johanna -P mutpass.list rdp://10.129.227.51 -t 48 -VV (with -VV we can see the brute-force progress)
mutpass.list is the password list mutated with hashcat using the custom rule from the Lab Resources (we use it several times in the module)
Hi sreader, thanks. I already finished the module. What I was wondering is why, when I did a pass with hydra first, I used the resources’ usernames and password lists, no mutation, and hydra found nothing. Then I mutated the list, spent another day and found nothing. I tried using crackmapexec… again nothing… and so far I didn’t know the username. Then I used crowbar, and not 5 minutes had passed before I got the answer. Just to check if I was doing something wrong, I used the username that I found with 5 more in a very small list and used hydra… nothing, it didn’t see the right answer. I checked the version and I have the latest. I checked the same with crackmapexec, same problem. That’s why I spent 3 days and hydra never showed me a result even if it was there. That’s my real problem: how to know if my procedure is wrong (the wordlists I’m using are wrong or don’t contain the answer, or if it’s just the tool, hydra in this case). But thanks anyway!
Hello my friend, I found the kdbx file but I don’t understand how to transfer it to my Linux machine. Can you please explain?
Hello my friend, did you manage to transfer it? I have tried many techniques to transfer the file and I didn’t manage to do it either. If you managed to understand how to transfer it, please tell.