Active any hints

I don’t understand why my enum is not working. I talked to another person and their s**client was working fine but I keep getting connection reset all the time…

Try using nullinux (GitHub: m8sec/nullinux) instead of enum4linux :)

In reply to @mercwri:
Which box do you recommend to start with?

Anyone able to give me any hints on getting the root flag?

Also I don’t know why people remove my comments as spoilers! It’s about helping people

can’t manage how to use john to do the job

@Moliata said:
In reply to @mercwri:
Which box do you recommend to start with?

Perhaps for a start you should have a glance at Jerry’s. It’s also recommended to work with the retired machines, as good write-ups and videos are out directly on the machine’s profile site, or you may ask aunt Google. You can learn a lot from these.

Cracking at 407.1 kH/s - Does anyone wanna give me a hand in regards to what wordlist :)

Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - Porchetta-Industries/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

@seiyathesinx said:
can’t manage how to use john to do the job

You might need a bigger version of John.

So getting root on Active was surprisingly difficult for so few points. The hints here are useful and the tips people gave me were invaluable.

It turns out a lot of the problems were linked to the versions of software I had running. The best suggestion I can give about that is if you try something which should work but gets error messages, google the messages. You might find out it is a known problem and using version 0.9.18-dev or the Magnum version solves it.

@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

impacket was installed but I needed to upgrade it because the installed one was not compatible with some Python library which caused a weird error … (known issue, discussed on the impacket github page)
Then I used hashcat for cracking (on another box for performance reasons) rather than installing the ‘bigger version of john’.
But other than that, I only used kali tools.

I also enjoyed this box - this example is a bit extreme of course, but in general it’s a really realistic misconfiguration. Sometimes it’s tricky to make special k******* configurations work, like delegation and including boxes on different OSs and several ‘hops’ … and you are super happy if it finally works at all. Then you probably don’t remove all your ‘test’ configurations and replace the ‘test’ password of these special accounts by something more secure…

@kekra said:

@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

impacket was installed but I needed to upgrade it because the installed one was not compatible with some Python ASN library which caused a weird error … (known issue, discussed on the impacket github page)
Then I used hashcat for cracking (on another box for performance reasons) rather than installing the ‘bigger version of john’.
But other than that, I only used kali tools.

I also enjoyed this box - this example is a bit extreme of course, but in general it’s a really realistic misconfiguration. Sometimes it’s tricky to make special k******* configurations work, like delegation and including boxes on different OSs and several ‘hops’ … and you are super happy if it finally works at all. Then you probably don’t remove all your ‘test’ configurations and replace the ‘test’ password of these special accounts by something more secure…

What tool did you use to enumerate SMB share?

@nullsession0x said:

What tool did you use to enumerate S** share?

The one you already mentioned above… that you said you used to no avail… it worked well for me.

[Edited… was perhaps a spoiler].

@nullsession0x said:

@kekra said:

@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

impacket was installed but I needed to upgrade it because the installed one was not compatible with some Python ASN library which caused a weird error … (known issue, discussed on the impacket github page)
Then I used hashcat for cracking (on another box for performance reasons) rather than installing the ‘bigger version of john’.
But other than that, I only used kali tools.

I also enjoyed this box - this example is a bit extreme of course, but in general it’s a really realistic misconfiguration. Sometimes it’s tricky to make special k******* configurations work, like delegation and including boxes on different OSs and several ‘hops’ … and you are super happy if it finally works at all. Then you probably don’t remove all your ‘test’ configurations and replace the ‘test’ password of these special accounts by something more secure…

What tool did you use to enumerate S** share?

What typical tool does one use to interact with the S * *?
Is there only 1 S * * version? Or are there other versions of S * *?
What does a typical tool use as its default S * * version?

Finally got root, learned some new tools, and that I should pay attention to the command line args.

HT to nullsession0x who helped show that I was on the right track after all

Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

This helps me a lot bro. Thanks

Finally rooted.

@Moliata said:
In reply to @mercwri:
Which box do you recommend to start with?

Jerry is a good one

I got the hash out of the x** file, but can’t find a tool that will recognize it for cracking. Anyone want to give me a hint on what to crack it with. I can see that if I can get it cracked I should be able to access some other directories where the file was.

@n0bf said:
I got the hash out of the x** file, but can’t find a tool that will recognize it for cracking. Anyone want to give me a hint on what to crack it with. I can see that if I can get it cracked I should be able to access some other directories where the file was.

Google a bit on the field name where you got the hash and you should get your answer. If not, let me know; I’ll send you a link.