Monteverde

Type your comment> @madhack said:

yes it is working
but ERROR:root:Kerberos SessionError: KDC_ERR_WRONG_REALM…
hmm let’s try something else

You are using wrong domain name, try different one.

Type your comment> @D8ll0 said:

Type your comment> @madhack said:

yes it is working
but ERROR:root:Kerberos SessionError: KDC_ERR_WRONG_REALM…
hmm let’s try something else

You are using wrong domain name, try different one.

thx got it!

Edit : nvm I found out

@brueh said:
‘Do not require Kerberos preauthentication’ set (UF_DONT_REQUIRE_PREAUTH).

I wonder how you got those hashes because the script you are talking about didnt find anything for me…

Type your comment> @Crafty said:

@brueh said:
‘Do not require Kerberos preauthentication’ set (UF_DONT_REQUIRE_PREAUTH).

I wonder how you got those hashes because the script you are talking about didnt find anything for me…

Think more, no just impacket

Initial foothold is a guessing game. The most simple one.
Have that in mind if your enum is not giving anything.

Type your comment> @joshibeast said:

Initial foothold is a guessing game. The most simple one.
Have that in mind if your enum is not giving anything.

Already tried brute forcing all users with top 100 passwords, no luck.
Impa**** gives nothing
:confused:

Type your comment> @Nt3c said:

Type your comment> @joshibeast said:

Initial foothold is a guessing game. The most simple one.
Have that in mind if your enum is not giving anything.

Already tried brute forcing all users with top 100 passwords, no luck.
Impa**** gives nothing
:confused:

I tried top-1000 passwords against all users, but no luck! :frowning:

tbh if you think about some of those burner accounts that get installed in the process of spinning up a box, people can be pretty lazy about burner passwords.
think laziest.

in retrospect it’s absolutely realistic. sadly.

Type your comment> @babywyrm said:

tbh if you think about some of those burner accounts that get installed in the process of spinning up a box, people can be pretty lazy about burner passwords.
think laziest.

in retrospect it’s absolutely realistic. sadly.

this is the same for me as try harder.
still thx for the info.

FINALLY found an account i can use ?

EDIT: found another set of creds.
Basically all enumeration till now, nothing fancy.

Any news about root?, I’m focus with A***e but can’t find anything.

guys how did you find the password for the user, cause I tried bruteforcing all of them and got nothing

mmm something does not work for me, I am fighting with users and k ******* if someone can issue a hint … if the idea is not brute force, then there should be a more creative way to reverse the shell

Type your comment> @OrkaPatorka said:

guys how did you find the password for the user, cause I tried bruteforcing all of them and got nothing

When sysadmins create accounts, sometimes they can’t be bothered with thinking…

Don’t be crazy with spraying 100+ passwords, as said previously is honestly something you find in real life

I still have no password.

@Warlord711 said:

I still have no password.

There’s a enum equivalent for Linux that you can use. Once you have the domain, groups, users, etc. you have everything you need to obtain creds.

I got the users etc. but no valid password found yet.

same thing

I found the domain, groups and users. I have bruteforced for passwords but just nothing!
Anybody who can PM me about the tool I need to use to find a password? I am lost atm…