For the love of all that is holy!! Please can someone please help me with question one:
“Find the user for the WinRM service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.”
I have completed the other 3 questions with no issue using the resources provided but when I try to run crackmapexec I am getting this output:
you are almost there, the only thing you must change is the value of the -u flag. Use the username.list from the resources attached to the module. I see you used the password.list already
Thank you so much for the response @escapingpanda… so I used the command below, which I had tried previously and to which I think you were advising (using the provided username and password lists)
Hmm… I guess there must be something wrong with your hosts configuration. I have just executed (in the pawnbox) the exact same command as you did, and got a match in less than a minute.
@escapingpanda thank you so much for your help with this. I’ve had to resort to “borrowing” the credentials you have kindly provided as I simply can’t get it to work - not sure if its a Kali issue (could not install crackmapexec on my Parrot VM for some reason) or whether it’s something weird going on with the target host or some other ridiculous issue that I’ve not figured out! In any case I can at least move on from this waking nightmare for now!
For Everyone that still didn’t get a hit , using the provided lists .
**Try the TCP version of the VPN**, it’s likely that the connection became more stable and reliable, allowing you to successfully bruteforce the services.
Thanks for the solution, you have saved me a lot of my lifetime :).
So the thing currently is, that you can’t get a supported version of crackmapexec, and rather use NetExec (made by biggest contributers to CME)
By default, Netexec tries all users with the first pw of the list, then proceeds to try the 2nd pw with all users.
In your example, crackmap tries all passwords with the first user, which is john…
But honestly, from a learning student POV, I don’t know what I should’ve done, when I wouldn’t know the solution…
The key here is the username list. Users have names; that’s why it’s called a user name. Users can be people or systems. System accounts (administrator, backup, etc.) are typically more difficult to crack than people’s accounts. So start by brute-forcing with user names that look like they belong to people accounts rather than system accounts. (< 10 names are quicker to brute-force than > 100 names.)
Hello everyone! I have a problem with getting the smb flag key in the same module. I got access, downloaded the file, and it is empty (0 bytes). What could be the problem?
Please can someone please help me with question one:
