Starting Point: psexec.py problem

optimisto · June 24, 2020, 5:09pm

Walking throw Starting Point, Privilege Escalation step

Found following string in Powershell history
net.exe use T: \Archetype\backups /user:administrator MEGACORP_4dm1n!!

Trying to start remote cmd with administrator priveleges

john@kali:~/.local/bin$ ./psexec.py ‘administrator:MEGACORP_4dm1n!!@10.10.10.27’
Impacket v0.9.21 - Copyright 2020 SecureAuth Corporation
[-] SMB SessionError: STATUS_LOGON_FAILURE(The attempted logon is invalid. This is either due to a bad username or authentication information.)
john@kali:~/.local/bin$ ./wmiexec.py ‘administrator:MEGACORP_4dm1n!!@10.10.10.27’
Impacket v0.9.21 - Copyright 2020 SecureAuth Corporation
[-] SMB SessionError: STATUS_LOGON_FAILURE(The attempted logon is invalid. This is either due to a bad username or authentication information.)

Seems to be password incorrect… or I missed something…
Any hints?

P.S. Is it possible that someone changed password?

michaelah · June 24, 2020, 5:24pm

I’m having the same problem, not sure if its part of the challenge, or if someone changed the password

I think perhaps the password has changed, if you try to psexec with the other user, its clearly not a password issue, unless this is part of the challenge to figure out what the pw changed to

python psexec.py sql_svc:[email protected]
Impacket v0.9.22.dev1 - Copyright 2020 SecureAuth Corporation

[*] Requesting shares on 10.10.10.27…
[-] share ‘ADMIN$’ is not writable.
[-] share ‘backups’ is not writable.
[-] share ‘C$’ is not writable.

michaelah · June 25, 2020, 2:49pm

anyone else have this problem?

michaelah · June 26, 2020, 2:00am

machine must have reset, it worked fine today

rockerps · August 3, 2020, 2:05am

hey guys, if you guys haven’t figure out yet about the second problem you are facing, I am here to tell you that you were entering the wrong user. Try this username: Administrator
password: MEGACORP_4dm1n!!

artraou · August 19, 2020, 12:54pm

Hey guys, I am almost all the way through this (first) machine - except the connection to the remote machine from psexec.py is always refused. I installed UFW and set the rule that allowed tcp to all as per the walk through and I have changed the IP to the one that is being reported in ifconfig under tun0 (10.10.14.77 in my case) which is the same one that was in the shell script etc, have battled all the way through this including installing impacket etc and just can not get this working.

ANY help over what I have obviously done wrong would be GREATLY APPRECIATED.

psexec.py [email protected]
Impacket v0.9.22.dev1+20200813.221956.1c893884 - copyright 2020 SecureAuth Corporation

Password:
[-] [Errno Connection error (10.10.14.77:445)] [Errno111] Connection refused

quietdaemon · February 16, 2021, 5:30pm

@artraou - looks like you are attempting to connect to yourself (10.10.14.77)…ip address for psexec.py command should be for target. Good luck!

WspSama · July 1, 2024, 3:16pm

Try this: psexec.py administrator:MEGACORP_4dm1n\!\!@<tareget_IP>
I found that the ‘!’ is a special character that need to be escaped. Thus, I add a backslash for each one. And finally, it worked!

berchj · December 8, 2024, 4:54pm

thanks this worked for me