Can someone please help me with “Using the techniques in this section obtain the cleartext credentials for the SCCM_SVC user.”?
1 Like
Sure! did you solve it finally?
Can you help me? I’m stuck here, too
You can DM me.
1 Like
solved. Thanks anyway 
1 Like
To anyone stuck on this, I will give you a clue. Malicious SCF File.
If you need help, send me a message.
3 Likes
I need for help
I use the latest Responder to get sccm_svc hash
but Its cracked-password is wrong
C:\Department Shares\ is you folder, find writable sub-folder and copy SCF there
When you get the responce, copy the whole hash nat crack it like in the lesson 
6 Likes
I am also stuck bro can you help on this!!!
Hey! Where you are stuck?
Hey @19delta4u how can I get in contact with you?, I’m completely stuck.
Hey @pavka I can’t find any writable sub-folder, I mapped both Public & Private and all the sub-folders are read only, I mapped with smbmap app + -r flag, can you lemme know how can we get in contact and give a hint?
Write in a subfolder of C:\Department Shares\Public
1 Like
Just follow the steps of the lesson, within the C: drive you will find several shares, you can write the SCF file within one of them, on your attacking machine setup responder or smbserver to capture the hash of the user.
Hi, i am stacked here could anyone help me out?
I created the file within the department share still I’m getting no Response back but when i open the file i get the my account response.
What should i do?
Did anyone manage to capture the hash with an .lnk file ?
hey I’m a little stuck, Ive created the file in the share folder. but i’m not getting a response. Even when i enter the share. the .ico file has the payload to my address too. Even tried the hosting the smb from my machine, but still nothing.
solved! dw about it