Forest

Hi, Can someone please help me, I am a beginner for my OSCP journey.

Basically, i did S** enumeration and got usernames and domain.
I want to know what tool under Impacket can help to get hashes, i have tried GN***s.py but i am unable to succeed. Thanks in advance.

I got the password for s**-o from brute forcing, some tips on how to do it “correctly” would be nice, also I’m having trouble with ShH

Been stuck at root for a while, and would really appreciate a nudge! I’ve made it no where since getting user. I think I understand the application that people keep referencing, the Dog. However no matter what I try and feed it, I don’t get any output back. Really would appreciate a pm if you know what’s causing this issue.

Thanks!

Type your comment> @M1sha said:

However no matter what I try and feed it, I don’t get any output back.

Thanks!

It is important that you use all relevant credential data (3) when you run the Invoke command.

Hello boys
could anyone help me, please??
i use nulx and im*t, with Gs.py i get s-*******o and his password.
I have problem with G
U
*s.py because i have this errors:
“No entries found!” Or “[-] Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)”
I have change my time, but nothing =(
Thank you for your help

I have no idea where everyone is getting a password hash from, can’t find anything at all, already using the tool everyone is mentioning, can’t get any of the scripts to work.

Type your comment> @cipster86 said:

Hello boys
could anyone help me, please??
i use nulx and im*t, with Gs.py i get s-*******o and his password.
I have problem with G
U
*s.py because i have this errors:
“No entries found!” Or “[-] Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)”
I have change my time, but nothing =(
Thank you for your help

Had this too: Change the time -1 minute behind the server time.

finally, cost me over a month, 1 laptop, a desk, my relation but totaly worth it.

USER INFORMATION

User Name SID
================= ============================================
htb\administrator S-1-5-21-3072663084-364016917-1341370565-500
E**-***M PS C:\Users\Administrator\desktop>

this is also a hint, last step can be done without impact.
just lookat wat you used for the user shell

Need a help on a root.
Got the Hound to work, it showed me probably the path i need, but to do some escalations, it looks like i have to upload files on a system, but i cant do this.

Any hint would be very nice!

Hi this is my first windows machine and I have some difficulties for the user. I have found the users and the password for one of them , I have trying to connect to the different ports on 3** and 3**8 I can connect (but not found nothing) while on 6*6 and 3**9 I cannot connect for a TLS error. The TLS error is wrong path? I missing something?

EDIT: Working on root

Can anyone PM some tips/hints for where to find the hash for one of the users? can’t get anywhere with it.

EDIT: Got the hash and cracked it, working on finding a place to use it now.

Has anyone been able to get the PV script to work? I can’t seem to get the modules to load. I can get PS* to load but it does not include all of the functionality that I need. I’ve been stuck at this point for two days so any help would be highly appreciated.

On root part.

How to create a new user for the domain? Which command?

Type your comment> @JuicyyCandy said:

I have no idea where everyone is getting a password hash from, can’t find anything at all, already using the tool everyone is mentioning, can’t get any of the scripts to work.

same

Type your comment> @Looking4 said:

On root part.

How to create a new user for the domain? Which command?

google search how to create windows users by command line :slight_smile:
Hint; net …

Type your comment> @hubi277 said:

Im trying to use multiple scripts from tool mentioned here a lot of times but all i get is
KDC_ERR_WRONG_REALM
can someone dm me with some tip becouse im trying for a long time now and can’t do nothing

I fix it by editing the hosts file. Point the IP to htb.local .

I have the user and hash. Can someone help me on how to convert the hash to a valid pass?
EDITED: Managed to crack the hash now. :slight_smile:

@JuicyyCandy said:
I have no idea where everyone is getting a password hash from, can’t find anything at all, already using the tool everyone is mentioning, can’t get any of the scripts to work.

  1. For the user list, you can use e4*x .
  2. Try to use impacket G********S.py to get the hash.

Type your comment> @pourquoi said:

I have the user and hash. Can someone help me on how to convert the hash to a valid pass?

John is a good guy :slight_smile:

Type your comment> @Ammit said:

Spoiler Removed