I’m getting the following with the remote py tool, despite using various parameters and making changes to my hosts file. Obviously I’m missing something, is someone able to discuss by PM?
dns.exception.Timeout: The DNS operation timed out after 3.00170922279 seconds
Can anyone please help about this error ?
KRB_AP_ERR_SKEW(Clock skew too great)
I’m currently using Manjaro distro. I can’t find a way to set the time to match the server and the nmap take such a long time to run.
YES!!! Finally rooted this box. I think I went about it in a long way but I learned a ton. Basically use the user access you have, run the hound, find the misconfig because people have to send mail, use the right tool to exploit that misconfig and give the user account some extra privs, use those privs to find out secrets about other users, …
Like I said, probably the long way. Please PM me if there is an easier way. In anyway, thanks to the creators of this box for a fun learning and obsessing project.
Can anyone please help about this error ?
KRB_AP_ERR_SKEW(Clock skew too great)
I’m currently using Manjaro distro. I can’t find a way to set the time to match the server and the nmap take such a long time to run.
That means the domain server time and your local time are not equal. You have to set in your computer the same time that has the domain server to get granted for tickets. It’s not necessary to be extremely equal, this “allowed inequality” range between server and client is set by the defualt sysadmin, it can be seconds or minutes depending what was set but better to set your time to the most closest you can to the server time
Got User: ummm Enum to death! you should find a list of users, an impacket script will be helpful to get the rest if you so doth request it to do so.
Got Root: !!! That was awesome! Basically avoid all the mistakes I did. the evil man can call the dog, just gotta use the right syntax and it will work, from the machine. Once you have what you need and have run the right syntax, you will know where to go.
If you have a problem with the cat, avoid using it entirely. There is an old shell module that helps the evil man properly, uses a small part of the cat to do exactly what you need to do.
The machine crashes every 1.5 minutes. There’s no way to get sharp in documents. It’s either getting DOSsed or it’s the ■■■■ bruteforcers. I got user, but will probably have to give up on root until the machine will run for 5 minutes. Please stop bruteforcing all ports, that’s not the way.
i have a list of valid user and I find a way to brute force it using the “dog” but when i run it, it say’s error resolving hostname ‘h**.l****l.’ to an ip address address: No such host is known and Unable to get domain controller address but I already did adding the hostname to the hosts file.Can you give me a help?
got a username and a password with low privilege. I try to do Ker*******ing and to do that I first need to enumerate those juicy Ss so I ran GNs.py with password but found no entries, then I run it again with Ks ticket but gave me the error SessionKeyDecryptionError: failed to decrypt session key: ciphertext integrity failure. Any nudges would be awesome.
rooted, took me ages and I must say learnt a load about AD and windows in the meantime. Was no way an easy box. thanks to Luemmel and acidbat for the nudge.
User hints : enumerate lots to get a list of users and look to use a known weakness in how 90% of ADs are configured to get a user hash. The evil tool will help you once you have these.
Toot hints : elevate from one account and use another to run the dog. It doesn’t run too well locally so look for some other methods. When the dog shows you a path, use the 3 method to take advantage.
Thanks to the creator, a great box and probably the most real life one i have come across.
@lessloveless said:
Got User: ummm Enum to death! you should find a list of users, an impacket script will be helpful to get the rest if you so doth request it to do so.
Got Root: !!! That was awesome! Basically avoid all the mistakes I did. the evil man can call the dog, just gotta use the right syntax and it will work, from the machine. Once you have what you need and have run the right syntax, you will know where to go.
If you have a problem with the cat, avoid using it entirely. There is an old shell module that helps the evil man properly, uses a small part of the cat to do exactly what you need to do.
Fun box pret cool
i have the ticket and this error pops up “Kerberos SessionError: KDC_ERR_S_PRINCIPAL_UNKNOWN(Server not found in Kerberos database)” and when i change the target ip to htb.l***l it pops this error “SMB SessionError: STATUS_MORE_PROCESSING_REQUIRED({Still Busy} The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.)”.