Skills Assigment - Pivoting, Tunneling, and Port Forwarding

I’m stuck in this quetion:
For your next hop enumerate the networks and then utilize a common remote access solution to pivot. Submit the C:\Flag.txt located on the workstation.

I already found the windows server, but i can find the others computers into the network.

Someone can help me? I’m stuck here about 3 days


Have you tried Ping sweep?

That is what i did:

  1. Connected to webadmin server using a ssh -D 9050
  2. RDP to windows server using proxychains (
  3. Used a “for script”: for /L %i in (1,1,255) do @ping -n 1 -w 200 172.16.5.%i > nul && echo 172.16.5.%i is up.
  4. Found only,
  5. Nmap -sn to with proxychains
  6. Found only, again
  7. Stuck here
1 Like

Are you still stuck?
I think I found an other ip but I can’t connect

i already done

use ipconfig, you will see 2 ethernet networks, 1 is one network, 2 is the other.
Use this command to do a ping sweep in CMD (not powershell):

for /L %i in (1,1,255) do @ping -n 1 -w 172.16.5.%i > nul && echo 172.16.5.%i is up.

Change 172.16.5. to ip that you found and you will found the next machine

Yes I did, found a 172.16.6.**, but can’t connect. I tried a double port forwarding (with netsh) to connect via rdp but no result

You need to use netsh in windows machine

I did, I use netsh in the first windows machine to connect port 3389 of second machine and set a portfwd in the ubuntu server. But when i try xfreerdp it doesn’t work.
I use same credentials, like the note said.

Hey, what creds did you use for the last machine? The same as in the note on ssh?

user: vfrank , pass: Imply wet Unmasked

tip: use mimikatz to get passwords

I ve already done it, Thanks

in the first place how did you crack that password?
secondly that password does not match the nt hash i got of vfrank.

I did lsass dump and got the hashes but I’m not able to crack it :frowning:.

I’ve found the 3rd host but I can’t access it.

If someone could help :slight_smile:

nvm, figured it out!

Did you figure this out. I’m working on it right now.

I’m at the same point. Did you finish the skills assessment?


I finished the module.

1 Like

hello colleague, am in at a similar stage, after the ping sweep,discovered the but cannot find the credentials for vfrank and so cannot login to it. :melting_face:any help would be appreciated. Zhanna

The last machine is I believe.

I just finished this module. Message me if you’re stuck!

use mimikatz