Active any hints

Got past the chicken roasting, but I can’t manage to crack the pwd, even using h*****t. Using the right hash mode (13100), attack mode (0), rockyou, b64 rules… What am I doing wrong? :frowning:

Oh and someone wrote to use crackmapexec (no spoil, it’s already said), is it for a PtH here? Couldn’t get it to work either.

Now, i have 2 smb shares. I can navigate 1 smb share, i dont have permission to directory listing in the other. what can i do? useless rabbit holes? am i in the right track?

@9999volts said:
Now, i have 2 smb shares. I can navigate 1 smb share, i dont have permission to directory listing in the other. what can i do? useless rabbit holes? am i in the right track?

Do more search on the one you can navigate through :wink: You will find something…

Most interesting I found was a xxxxx.ixf file, not sure if it is gold because im new in AD. It file has any *S- and a name that appears to be a smb directory… am i in the right track? TY @3poke

@9999volts said:
Most interesting I found was a xxxxx.ixf file, not sure if it is gold because im new in AD. It file has any *S- and a name that appears to be a smb directory… am i in the right track? TY @3poke

see PM. I don’t want to spoil anythings.

Hi guys,
Something curious happaned with meyesterday, I found a file, and interesting things on it (that I have to decrypt XD) and also connected with this credentials using Ps****. Browse a little and found the user flag, but I had to leave for a few hours and I’m not connecting this way anymore. Someone could PM me to help-me with other ways to connect?! (My access was SYSTEM already, but I lost it)
THanks!

Got root, thanks for the machine, not very experienced with windows machines, learned a lot.

while running hashcat, im getting segmentation fault error… can anyone help?? or can i proceed with anyother tool to crack.?

Great machine! Thanks.

Owned!
If somenoe need tips, pm me!

in my opinion root was much, much easier to get.
i’m total noob in windows and understanding what to to first was a difficulty. then I just needed to follow the new knowledge.
the mentioned here i******* tool did the job. make sure you have updated version of your cracking tool

Just got root.txt on this machine. For those of you trying to crack the hash, the default install of John in Kali won’t have the right format. You’ll need to install the Jumbo “version”. I followed the instructions here: How to build on Ubuntu Linux [Openwall Community Wiki]

I was able to find the Gr****.x** file and obtain the password and decrypt the same. Was able to login and obtain the user flag

@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

Thanks…

I’m having a hard time getting to crack the TGS hashes using john the ripper, hashcat won’t run on my VM. Any tips ?

Hi !

After a few hours I managed to get the user flags and know (in theory) what to do to get the root flag but I am not able to generate the S****** T***** with i******* (it says invalid credentials…) Any tips ?

Should i use Kerberos 5 AS-REQ Pre-Auth etype 23 ?

Got the root flag :smiley: !
Learned a lot on this machine that was really cool, thx for posting it !

Thx a lot to @3poke

hard time cracking password please help PM

Great box, really realistic!