I didn’t see another thread on this module so I started this one.
I’m currently on the skills assessment.
I curated a username list of 931 users using --rid-brute.
So far, password spraying has been unfruitful.
Has anybody finish this module? If so, I could use a little help.
John
asreproast to the rescue! First flag done!
John
Kerberoasting!
John
OSError: [Errno Connection error (INLANEFREIGHT.LOCAL:88)] [Errno 111] Connection refused
make sure you use --kdcHost
Usually, when I get that error, it is an /etc/hosts issue.
I would add DC01 to the domain controller line.
John
It was!
Any hints with the MSSQL Server? I was able to gain five users with password or hash so far, but not able to retrieve the flag.
Do i need a user and password combination or should I use the path which exploits a vulnerability?
I am stuck on question 2 of the Vulnerability Scan Modules section; I have checked for and tried to exploit multiple vulnerabilities but the only one I have successfully exploited was the zerologon exploit which does not allow me to read the c drive. can you point me in the right direction.
Hi, I’m having issues connecting to the target. Nothing is connecting back to my chisel client even though the target is responding to ping. Am I doing something wrong?
I’ve tried for like 3 days now to get a connection, nothing is happening.
Can I get some help with the 3rd question?
I got that SQL flag using mssql.
Not sure how to get DEV01 and DC01. Need help completing the skill assessment
Hi,
Can you please give me a hint how you got the second question?
Gain access to the SQL01 and submit the contents of the flag located in C:\Users\Public\flag.txt.
What I get so far:
Any hint?
Update: I got 7 users, with one not valid password, I’m missing two questions:
2th; SQL
last one; DC01
Any hint?
If anyone comes here and can help me with the 3rd question about accessing DEV01.
feel like i tried everythings including the ms-connecter file (not LNK since it’s blocked) and i’m totally glued. The int speak about reusing somethings but all the pass i have have lead nowhere except for the inital user they were good for.
any help would be appreciated.
ty
Sent you a message 
Hi,
could you please give me a hint to “Gain access to the DEV01”. I have tried password spraying on different services using obtained passwords (also using a --local-auth switch) but without good results. I have actually 4 users with valid pass.
You have to get a service/computer account
Thank you for tip @moayad11 . Now I am stuck to acquire credential for user that can list service/computer account. I have tried back and enumerates folders to get some interesting files, brute force with many pass combinations and use other escalation paths like null session for that user.
maybe not a cleartext password?
Player keep in mind that the version used to test the module was 5.4.0, some newer versions broke stuff