thank you. finally solved it
can you give me a hint i have root access but i can not find the ticket of linux01$ or how to use it to connect to the share
please give me more hint i stuck here nearly 3 days
1 Like
i’ve done everything this is my 4th day sitting over how to change user to svc_workstations any help would be appreciated. 
Hello, I am stuck. please help me man
Hello, I am stuck here. please help me
Okay so i solved it, just use hydra on a “Password” based list… for svc user.
Hey, I’m glad you found another way to find the creds, that’s out the box thinking.
However, it’s important for you to note way to find the pass for user svc_workstations has something to do with using keytabextract.py on a certain .kt file in the .scripts folder.
Cheers
Whenever I run the export KRB5CCNAME=‘file location’ I can successfully change my ticket to Julio. However, when I run the Klist I see that my Kerberos ticket is expired. There are only two tickets on the system that I can change to for Julio and the other one doesn’t work.
I was wondering if anyone else was having the same issue and what they did to resolve this.
Hey there, did you ever find out what was the issue with this?
This is the optional exercises so I don’t see anyone else posting about it.
I managed to get the proxychains evil-winrm working installing krb5-user
proxychains evil-winrm -i dc01 -r inlanefreight.htb
but running this gives me a timeout
──╼ [★]$ proxychains impacket-wmiexec dc01 -k
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] DLL init: proxychains-ng 4.16
Impacket v0.13.0.dev0+20240916.171021.65b774d - Copyright Fortra, LLC and its affiliated companies
[-] [Errno Connection error (dc01:445)] timed out
I just read that they told us to use evil-winrm. Is it an impacket-wmiexec issue?
hey man, I am stuck on the same part…
did you figure it out eventually?
I didn’t have an issue with completing the topic, using evil-winrm works.
I was just wondering why impacket-wmiexec does not.
Maybe it is a port issue? I’m not sure, hoping someone could enlighten me.