Heist

I have got all of the users and cracked all of the passwords, I can connect via smbclient in linux but not on w**** using PS. I think I should be able to connect in PS with E****-PS******* using user C**** and password Q**************, is this not correct?

Credentials are correct, attempt is good, the tool may not be proper. I tried two different ruby scripts and both of them did their job correctly.

Can someone please PM we with a some help on user? I believe I have done everything mentioned in the forum and still no luck:

  • I have the cracked all 3 passwords from ***.
  • I have the usernames from that same file, plus another 1 or 2 from the place that brought me to that file
  • None of those credentials work with the common port using the the common client and none work with l*******d.**
  • None of those credentials work with the higher port (using the snakey library)

I feel like something is wrong with the common port as I can’t even run e4*x on it.
What am I doing wrong???

thanks @meangreen for your help on this! not sure why one method worked over the other…but it did!

Got Root!.. Thank you @bertalting … Check those processes…

Getting root turned out to be easier than getting user - the answer was right in front me, but I’ve thought it is wrong. Also got to experiment with some ruby scripts, thanks for the machine!

Can someone please PM we with a some help on user?? I have the 3 password and the 2 users. All the wordlist I use can’t decrypt the type 5 hash and I can’t authenticate myself on smb using this findings.

Type your comment> @MrB33n said:

Can someone please PM we with a some help on user?? I have the 3 password and the 2 users. All the wordlist I use can’t decrypt the type 5 hash and I can’t authenticate myself on smb using this findings.

The passes are right, Search for more users in Port 80

Can anyone help with Heist? From where to begin, any hints, walkthrough would be helpful.

Please contact me via telegram - @CarlosLiu

Type your comment> @bertalting said:

Type your comment> @MrB33n said:

Can someone please PM we with a some help on user?? I have the 3 password and the 2 users. All the wordlist I use can’t decrypt the type 5 hash and I can’t authenticate myself on smb using this findings.

The passes are right, Search for more users in Port 80

I tried H***** too sorry… I think I haven’t cracked the good type 5 hash… Thkz

I’m getting the following error when running the evil script, tried all combinations or user/pass… any help anyone?

"Error: Can’t establish connection. Check connection params

Error: Exiting with code 1"

I was just turning it off. Because there was still so much information with grep . But when I looked at the top line and saw the password. thanks for helping from user to root |@meangreen :))

So i’m on the last stages of rooting, I’ve got what I think the final username and password however where do I use these?

hopefully not giving anything away here but I can log in to the webpage

Type your comment> @jstnlmb2008 said:

So i’m on the last stages of rooting, I’ve got what I think the final username and password however where do I use these?

hopefully not giving anything away here but I can log in to the webpage

Sorry, stupid question now rooted whoop whoop

I keep getting “access denied” when I try to look at running processes…

Type your comment> @zms200 said:

I keep getting “access denied” when I try to look at running processes…

Powershell is your friend…

What tool can I use to crack the type 5 password plz ? I tried all my dictionnaries with hashcat and John but it’ s not enough…

@mrb33n , the issue is likely not the wordlist…try googling for methods to decrypt that type of password. When you find something that you might not have tried before, go back and use it with your old wordlists. Also, to make things go quicker, look back at the c****g and see if there’s any criteria that you can use to remove passwords of a certain size range from your list.

@bumika said:
Type your comment> @zms200 said:

I keep getting “access denied” when I try to look at running processes…

Powershell is your friend…

are you saying that permissions for that user on the machine are different when using powershell as opposed to the regular cmd shell?

Type your comment> @zms200 said:

@bumika said:
Type your comment> @zms200 said:

I keep getting “access denied” when I try to look at running processes…

Powershell is your friend…

are you saying that permissions for that user on the machine are different when using powershell as opposed to the regular cmd shell?

well I just tried it, and it apparently works…thanks!!!