Windows attack & defense - AS-REProasting

Hello all,
I am wondering if anyone is having the same issue with using hashcat to get the password for “anni”. So far, I have used Rubeus to get the hash for anni and changed the asrep.txt file by adding the “23$” like the hint says, but when I share the file to the Linux machine and run hashcat, it says there is no “passwords.txt” dictionary file to match it to. I cannot connect to the Linux machine via SSH, so I was using the Pwnbox. If the issue is that I have to be connected to the Linux machine where the “passwords.txt” file is stored, can anyone guide me on how to connect to Kali via SSH?

Any help on this would be much appreciated, thank you!

I am also stuck here, not able to transfer the file to Kali. When I do ssh kali@ip, I get a port 22 refused error. Any help appreciated.

Hey! I was informed to jump ahead to the section “Coercing Attacks & Unconstrained Delegation” and use those credentials. The passwords.txt will be in the home directory. Hope this helps!

Hi bro, sorry for the late reply, but I have been dealing with HTB support to fix the issue. On the Linux machine, go to the file system and search for passwords.txt. You will get multiple files; just copy them to the desktop. Asrep.txt should also be on the desktop (whichever location, but all of them should be in the same location). Then, in the Linux terminal, go to the location you copied these files to and run hashcat. You won't find the password in the passwords.txt file, but just try all the files with passwords in them and you will get it. Cheers

I figured it out. I just used the Pwnbox; no need to use Kali. Also, find the wordlists folder; a dictionary file should be there, and the name is not password.txt. When using hashcat, you need to include the file path. Hope this helps.

Another broken module. SSH to Kali doesn’t work; HTB is not paying much attention to lab quality, not to mention poor performance and delays/huge ms.

I made it with the HTB VM with Parrot OS; the asrep hash needs to be copied to that VM and a file created. Then the proper wordlist dictionary file in my case was common.txt under /usr/share/wordlists/dirb. The output file contains a password starting with the letter “s”.

I believe someone already mentioned this, but the “Coercing Attacks & Unconstrained Delegation” module has the file on the Kali machine. I simply RDP’d in and copied and pasted the contents of the file onto my own Kali VM, and it worked just fine. Hope this helps anyone out in the future.

I feel the same, bro. I wish they were like CompTIA and updated their modules annually. It would only make sense, but I think the CDSA is the least focused on out of all the other certs, since it is the only primarily Blue team certification IMO.