@mechs85 why are you trying to use the veggie? That’s for when you’re running as a service account that has permission to impersonate other users. Won’t work on any part of this box as far as I’m aware. Unless maybe you’re talking about a different veggie than what I’m thinking of.
As for the looping command prompt in m******, that seems to happen when run from a remote powershell session. Either use the Im***** alternative where you can just run it remotely, or if you really want to use m****** then launch a reverse shell with netcat or something and then run it from there.
@mechs85 why are you trying to use the veggie? That’s for when you’re running as a service account that has permission to impersonate other users. Won’t work on any part of this box as far as I’m aware. Unless maybe you’re talking about a different veggie than what I’m thinking of.
As for the looping command prompt in m******, that seems to happen when run from a remote powershell session. Either use the Im***** alternative where you can just run it remotely, or if you really want to use m****** then launch a reverse shell with netcat or something and then run it from there.
Hey mate. Green Veggie tool is w*****S.exe. Not too sure which other one you’re talking about.
Will PM you to avoid spoilers about the other bit. Cheers!
i am stuck getting usernames, if ound some on a website but no matter what naming scheme i try the users arent found in a certain databse… can someone nudge me?
I wouldn’t mind a nudge towards foothold /user if someone wants to PM me.
I’ve found a dn using l*ch , which seems to be a rabbit hole.
I did find what does appear to be two valid usernames using some educated guessing and website enumeration. One is administrator, of course, no big surprise there. The other is a twist of the dn i found earlier.
I’m stuck on the next step - creds. I’m happy to go through everything i’ve tried, and i’m looking for the smallest nudge in the right direction. I really hate asking for help on something like this, when I know the info is out there… but there’s just SO much info to sift through.
I wouldn’t mind a nudge towards foothold /user if someone wants to PM me.
I’ve found a dn using l*ch , which seems to be a rabbit hole.
I did find what does appear to be two valid usernames using some educated guessing and website enumeration. One is administrator, of course, no big surprise there. The other is a twist of the dn i found earlier.
I’m stuck on the next step - creds. I’m happy to go through everything i’ve tried, and i’m looking for the smallest nudge in the right direction. I really hate asking for help on something like this, when I know the info is out there… but there’s just SO much info to sift through.
There’s a suite of snake-like tools, some would say they’re of “a small, mischievous devil or sprite”
Use the usernames you’ve found, use the above hint, then get the 1st user creds
Hello. It is quite embarrassing but if could someone confirm that I have cracked the password correctly, I would be really glad. PM me please!
Update: Found my way through… The result was wrong.
There’s a suite of snake-like tools, some would say they’re of “a small, mischievous devil or sprite”
Use the usernames you’ve found, use the above hint, then get the 1st user creds
Goddammit. Everything I tried, I thought required creds, but i went back after reading your hint, and realized i didn’t need creds for NP.py. Which I have used before for another box.
This is my first attempt at a windows box. Struggling to get a foothold. I’ve been able to do some enumeration. Got the domain name, some users for what idk? A password and an sid_id. Tried using all of the above in several different combinations with Metasploit. No luck yet.
Can someone gimmie a nudge a noob can understand...... anyone anyone.....buller? :smile:
This is my first attempt at a windows box. Struggling to get a foothold. I’ve been able to do some enumeration. Got the domain name, some users for what idk? A password and an sid_id. Tried using all of the above in several different combinations with Metasploit. No luck yet.
Can someone gimmie a nudge a noob can understand...... anyone anyone.....buller? :smile:
If you have a user, see if you can roast 'em
If you have a user/pass, see if you log in. maybe there is some evil tool out there for windows remote management
@nobyl said:
Is it just me or is this part of the path to root? I’m struggling with fixing this part if it is. Please let me know if this is a rabbit hole.
[-] Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)
Set your system clock to the correct time
Got same error… even setting timezone as per machine time zone… any hints?? thanks
@nobyl said:
Is it just me or is this part of the path to root? I’m struggling with fixing this part if it is. Please let me know if this is a rabbit hole.
[-] Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)
Set your system clock to the correct time
Got same error… even setting timezone as per machine time zone… any hints?? thanks
If I know the tool you’re trying to use, you don’t need it. I had the same issue if you look up a few posts. Look into the suite of tools and see what else you can use
I have creds for 3 User accounts but login only works with one of them.
The account starting with s… has a long PW starting with Mo…
But i cannot login with that account. Is the box stuck?
I have creds for 3 User accounts but login only works with one of them.
The account starting with s… has a long PW starting with Mo…
But i cannot login with that account. Is the box stuck?
Possibly. You should be able to connect with that sc account via e**-w***m.
