Heist

-e and -s are to set a local dir containing executables and powershell scripts. Let’s suppose you want to launch a Sherlock.ps1 . Ok, put that powershell script on your local folder, set it using -s and once connected you can launch “menu” command. You’ll see some stuff but not Sherlock stuff (yet). Then, type “Sherlock.ps1” ← it autocompletes using tab, and after pressing enter, Evil-WinRM is loading the powershell into memory. If you launch again “menu” command you’ll see all the available Sherlock commands including the Find-AllVulns command.

someone could send me a PM I tried all combinations of credentials without success. voelvo understand where I’m wrong

oof, i wish there were “hack-alongs”. being a noob is headaching…

.

Type your comment> @elcaroak said:

oof, i wish there were “hack-alongs”. being a noob is headaching…

If you buy VIP, you can do all the old retired boxes with the write-ups.

Hi,
If someone can give me a nudge in DM.
I have everything but nothing seems to work for me, will better explain in DM
Thanks

Spoiler Removed

I used r**c****t for that and manually enumerated after finding some known users, probably not the most elegant way, probably missing a tool that auto does it!

@sazouki did you use the credz you already have?

there is a pretty sweet perl script that enums users from the service you all want to access so much

Type your comment> @badman89 said:

@sazouki did you use the credz you already have?

i got it after install all the requirement from that github repo

Stupid question but do i need to be cracking the $1$ I have decrypted the other 2 passwords but can’t seem to crack the other!

Type your comment> @Dreadless said:

Stupid question but do i need to be cracking the $1$ I have decrypted the other 2 passwords but can’t seem to crack the other!

Yes

Type your comment> @DameDrewby said:

Type your comment> @Dreadless said:

Stupid question but do i need to be cracking the $1$ I have decrypted the other 2 passwords but can’t seem to crack the other!

Yes

Thank you, I will keep hunting for a way :slight_smile:

Fun box, helped me to get some much needed enumeration practice on Windows :slight_smile:

Type your comment> @Dreadless said:

Type your comment> @DameDrewby said:

Type your comment> @Dreadless said:

Stupid question but do i need to be cracking the $1$ I have decrypted the other 2 passwords but can’t seem to crack the other!

Yes

Thank you, I will keep hunting for a way :slight_smile:

check my previous post, I shared the script to decrypt that pwd

Can anyone drop me a hint on where/how to use the 3 creds I found. I’ve tried all user/pass combinations on every service I could find but nothing is working

Hi guys… just after a little nudge please? I have 3 passwords… I can authenticate on 445 with a username and password… but can’t seem to use the winrm shell etc to progress… I think I may be missing something…

Hey, got user but stuck hard at root, and not able to use powerup.ps1 on this box is this by design or I am doing some shitty mistake somewhere any nudges please…

I’ve got user as well. Couldn’t get powerup to work. Sherlock returns nothing useful. Trying jaws-enum now.