Forest

Can someone help me with finding the initial ntlm hash? I am not sure what I am doing wrong here

Type your comment> @fightnerd said:

Can someone help me with finding the initial ntlm hash? I am not sure what I am doing wrong here

Nevermind

Can someone assist me in one of the last steps regarding granting my user rights? I cannot seem to do it to save my life. I assume it’s a syntax issue.

EDIT: Nevermind. I was using the wrong account to run the command in the context of. I think I would have figured it out had I known the version of the powerful tool mattered when running on a remote linux box. I assuming running with runas on Windows wouldn’t need it?

Lots of new tools learned on this one. Ty @FalseProfit for giving me the tiniest tip to push me to the end! /root

so long kerberos

I though this is easy T_T Can anyone guide me atleast with the tools huhu… PM Me :cry:

Anyone available to discuss the final stages of root with me? I keep getting this error and I cannot get past it when using the cat.

ERROR kuhl_m_lsadump_dcsync ; GetNCChanges: 0x000020f7 (8439)

Any nudge after cracking the user password?
=>“Error: An error of type WinRM::WinRMHTTPTransportError happened, message is Unable to parse authorization header.”<=
Google doesn’t help me too much…

Edit: No need anymore… I was forcing evil connection on a wrong port…

I can’t get SHd.ps1 working in the el-W*M shell, PM me if you can help me

I dont know how to get into root … PM Me if you can help me~

I found user s**-a*******, but i donot know how to root.
I try to run the dog didn’t find a path to attack, and the a******.ps1 didn’t get useful information.
who can help me …

edit: got it.

Also stuck at root, tried multiple combinations for pex***.py but getting connection refused everytime.
Is the user s**-a******* to be used for that?
Thanks!

i’m only getting shell with evil-*****.rb and its unstable and slow af any suggestions?

Been enumerating found 2 domains SMB in the right direction? or think about other ports?

Hey all,
My dog was working. But now
When I try to walk the dog remotely, I get the following error:
dns.resolver.NXDOMAIN: None of DNS query names exist.

Has anyone encountered this ? How did you resolve it ?

Type your comment> @inertia said:

Hey all,
My dog was working. But now
When I try to walk the dog remotely, I get the following error:
dns.resolver.NXDOMAIN: None of DNS query names exist.

Has anyone encountered this ? How did you resolve it ?

Never mind . Got help from @mswdr2 !
Now onto a timeout issue !

I would appreciate if someone could assist me with some evil syntax. It seems straightforward, so I think I’m missing something else.

got it, thanks to my own sanity check.

Hey, first post here, currently trying to figure out how to escalate privileges and am currently stuck on getting either "ds.e**" or PV***'s command “A**-O*******L” to work. The former upon invocation gives me the following error

00000005: SecErr: DSID-03152870, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Insufficient Rights

the latter in turn tells me it cannot

CommitChanges … A constraint violation occurred

Any hint would be greatly appreciated! Thanks a lot and merry christmas!

EDIT.: Just managed to root the box. The commands I used were actually the right ones, I had simply overlooked the difference between "Mf" and "Gl" in B******d.

This box required a lot of research I must say. At the end of it, I’m nowhere near understanding Windows AD but this was quite a step in that direction.

Regardless, PM if you need a nudge.

So i have found users through kerberos