I was able to find the Gr****.x** file and obtain the password and decrypt the same. Was able to login and obtain the user flag
@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.Enjoy
Thanksā¦
Iām having a hard time getting to crack the TGS hashes using john the ripper, hashcat wonāt run on my VM. Any tips ?
Hi !
After a few hours I managed to get the user flags and know (in theory) what to do to get the root flag but I am not able to generate the S****** T***** with i******* (it says invalid credentialsā¦) Any tips ?
Should i use Kerberos 5 AS-REQ Pre-Auth etype 23 ?
Got the root flag !
Learned a lot on this machine that was really cool, thx for posting it !
Thx a lot to @3poke
hard time cracking password please help PM
Great box, really realistic!
@amlamarra said:
Just got root.txt on this machine. For those of you trying to crack the hash, the default install of John in Kali wonāt have the right format. Youāll need to install the Jumbo āversionā. I followed the instructions here: How to build on Ubuntu Linux [Openwall Community Wiki]
Thanks For the link. Got root.txt finally.
This was really a good machine. Learned a couple of new tools and methods.
Pm if any hints needed.
Someone could help with user I can access only to Reā¦ share but there is nothing interesting any hints pls
Hi, I was able to got bot user and root flags but I am still wondering whatās really happening behind the hood. I donāt wanna spoil anything here so if someone having a good understanding of AD and k******* and i***** could message to answer some of my questions me I would really appreciate thx !
@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.Enjoy
boot2root just with this post. These links went to my bookmarks. Thanks.
@ZaphodBB said:
Got user ! - now on to rootFeel free to PM for user hint
Hi could you give me some hint ? I can connect to sā¦ but I can access only to Repā¦ I donāt know how to proceed
Hello. i keep seeing that is easy and fast to get user.txtā¦ However ive been trying 2 days with this machineā¦ im using the enumeration tools mentioned in the previous posts, ive found shares only after smb.conf configuration to add smb2 but i cannot get access to any of them (connection failed)ā¦ any hints for how to continue? thank you
Awesome machine. Very realistic.
i found the password in the G*****.*ml file and was able to decrypt it. i just have no clue what username to use or even where to use it. can someone help me out with a hint?
Edit: found it
Got the root today. actually a great machine to learn about AD. Thanks @Draco123 to the hint. If anyone need a hint, just PM me.
@sheepkiller said:
Hello everyone, if you are having issues with the typical tools mentioned in this forum to connect to the service, itās probably a misconfiguration with your Kali smb.conf file. Here is what I did to fix it:nano /etc/samba/smb.conf
// In the file, I added the following in the [global] section
client min protocol = SMB2
client max protocol = SMB3sudo service smbd restart
This FIXED enum4linux for me, enabled those other tools suggested here, and COMPLETELY changed my results and now I feel like things are wide open.
This will probably be useful to anyone using Kali for pentesting
Hi.
i was able to access the G*****.x** file. I have a problem cracking the password. Read here to use the h*****t but i cannot get the correct command. Please if someone can point me to the right directions as i cannot use the tool correctly. Thanks.
EDIT: got user, moving on now to root
Owned and rooted!