Thanks a lot John! Any help would be greatly appreciated because I am stuck after logging into vfrank.
I came here because I was stuck as well. I did the ping sweep and it kept coming up with just the IP I was currently on. I think the wait time for a reply is not long enough, because right away when I straight up pinged 172.16.6.25 I got a hit. So if you're stuck, try pinging that and trying what you got for credentials.
Also, things aren't as complicated as you might think: you can just remote desktop connect to all the Windows machines. The only tunneling I did was to the Ubuntu machine 10.129.x.x; the rest I did with Windows remote desktop.
Watch out for your interfaces when in the first Windows machine. And when ping sweeping, if you get nothing, make a second pass with increased wait for the request (
Hope this helps.
Thanks for all the help guys. I’m trying to use the method in ‘Remote/Reverse Port Forwarding with SSH’ to get the LSASS file from the Windows host. Which technique did you manage to use? Thanks!
In fact I can upload to the target, Mimikatz here we go!
Hi. I found the last host from 172.16.6.X in another subnet, but I can't RDP to this last host. Am I missing something? The host has a route to access the other subnet.
Don’t know if you’re still sharing notes, but I’d love to see them. This module is the one I’m struggling with the most, so would be nice to see some hints and notes. If you’re still doing it, I have a throwaway Gmail - email@example.com
Much appreciated. Was missing one stupid thing but this helped. Finished it now. Cheers!
I had a problem transferring the LSASS to my local host, can you help me?
Take advantage of the RDP utilities: if you are using the mstsc client, enable the driver share plugin to copy the lsass dmp; otherwise, if you are in the xfreerdp client (Linux), switch the /drive parameter.
The drive parameter is a huge game changer. I was stuck yesterday on a different challenge and this helped me a lot. BTW, a bit off topic: say you have two Windows target hosts, one pivot and one in an external network, and you have a PowerShell session on both (with the help of a webshell), not RDP, and because of some, let’s say, domain rules you can't force the second box in the external network to use PS remoting and therefore evil-winrm. You can't use Invoke/script block commands or Enter-PSSession, and decode/encode is not working as it is freezing. How do you transfer files? And let's say Python is not installed, is it game over?
xfreerdp /v:172.16.5.35 /u:'mlefay' /p:'P****' /drive:linux,/home/kali/ctf/rdp /dynamic-resolution
This will share your local Kali drive to the RDP session you established, as a network drive.
Have you cracked it? If yes, how? Or did you pass the hash?
Hey, no, I didn't complete the last Skill Assignment. I skipped it and am planning to complete it after the AD Enum module.
How do you send the file to the attack host? I'm trying with impacket smbserver but it doesn't work, and neither does a Python or PHP server.
I am stuck after getting the lsass file and discovering the user v****, but it is impossible to crack the hash with classic wordlists.
I discovered the second server with the IP 172.16.6.*, but it is impossible to log in over RDP with mlefay (and I don't have v***'s password ^^).
I also tried to set a netsh on the first Windows server but nothing works…
Please, if someone can help me it will be very much appreciated.
if you still sharing your notes
You can send it through proxychains.
For all those who are stuck logging in, here is my tip: use inlanefreight.local\vfrank as the user name.
Thank you… Hahahaha