I would just like to put my two cents in, with all the misinformation out there, you do not need to guess to get the initial username needed. There are tools to find the list of usernames on this box.
Root: First Enum, I found some green vegetables to be very helpful in this. Then don’t overthink it, I was able to walk the dog to see what to do, you personally might be more of a cat person though.
I would just like to put my two cents in, with all the misinformation out there, you do not need to guess to get the initial username needed. There are tools to find the list of usernames on this box.
Anybody willing to help point me in the right direction with tools etc? Just saying AD attack is way too general and about 1000 tools with most being the first time I’ve ever heard of them…just need help narrowing down the research
No! There is no bruteforce required to get the password.
Are you sure about that? Did you find a way to make it appear in clear text? Or did you bruteforce it with a wordlist?
No, i don’t get a plain text password here. But want to point out that you don’t need to penetrate the box with a bruteforce attack. The public servers are already under high pressure. You can take advantage of the mentioned two tools on your local client. A very common wordlist is absolute enough.
Lol “EASY” sure…maybe if you’re a pro and now how to use obscure tools that few people have used where they’re hit and miss most of the time and super fussy
Can you give me some nudges ? I have found user FS.h and get password with well-known python collections but can’t login with it. After enum, found the other users and specially svc-***r. Should I try to explore a way in order to find this user’s password or am i on the wrong way ?
Can you give me some nudges ? I have found user FS.h and get password with well-known python collections but can’t login with it. After enum, found the other users and specially svc-***r. Should I try to explore a way in order to find this user’s password or am i on the wrong way ?
Thanks
Do more enumeration in the AD, you will find something default…