Starting Point: psexec.py problem

Walking throw Starting Point, Privilege Escalation step

Found following string in Powershell history
net.exe use T: \Archetype\backups /user:administrator MEGACORP_4dm1n!!

Trying to start remote cmd with administrator priveleges

[email protected]:~/.local/bin$ ./psexec.py 'administrator:MEGACORP_4dm1n!!@10.10.10.27'
Impacket v0.9.21 - Copyright 2020 SecureAuth Corporation
[-] SMB SessionError: STATUS_LOGON_FAILURE(The attempted logon is invalid. This is either due to a bad username or authentication information.)
[email protected]:~/.local/bin$ ./wmiexec.py 'administrator:MEGACORP_4dm1n!!@10.10.10.27'
Impacket v0.9.21 - Copyright 2020 SecureAuth Corporation
[-] SMB SessionError: STATUS_LOGON_FAILURE(The attempted logon is invalid. This is either due to a bad username or authentication information.)

Seems to be password incorrect.. or I missed something..
Any hints?

P.S. Is it possible that someone changed password?

Tagged:

Comments

  • edited June 24

    I'm having the same problem, not sure if its part of the challenge, or if someone changed the password

    I think perhaps the password has changed, if you try to psexec with the other user, its clearly not a password issue, unless this is part of the challenge to figure out what the pw changed to

    python psexec.py sql_svc:[email protected]
    Impacket v0.9.22.dev1 - Copyright 2020 SecureAuth Corporation

    [*] Requesting shares on 10.10.10.27.....
    [-] share 'ADMIN$' is not writable.
    [-] share 'backups' is not writable.
    [-] share 'C$' is not writable.

  • anyone else have this problem?

  • machine must have reset, it worked fine today

  • hey guys, if you guys haven't figure out yet about the second problem you are facing, I am here to tell you that you were entering the wrong user. Try this username: Administrator
    password: MEGACORP_4dm1n!!

  • Hey guys, I am almost all the way through this (first) machine - except the connection to the remote machine from psexec.py is always refused. I installed UFW and set the rule that allowed tcp to all as per the walk through and I have changed the IP to the one that is being reported in ifconfig under tun0 (10.10.14.77 in my case) which is the same one that was in the shell script etc, have battled all the way through this including installing impacket etc and just can not get this working.

    ANY help over what I have obviously done wrong would be GREATLY APPRECIATED.

    psexec.py [email protected]
    Impacket v0.9.22.dev1+20200813.221956.1c893884 - copyright 2020 SecureAuth Corporation

    Password:
    [-] [Errno Connection error (10.10.14.77:445)] [Errno111] Connection refused

Sign In to comment.