Sauna

can someone please tell me how to download files onto my kali system from evil.
I am using download filename, it says successful however nothing appears. I also tried adding /home/foo/bar but no joy.

Type your comment> @pagal said:

Can anyone please help me i tried to find the user’s with basic tools but can’t find any thing i also try with team member’s name in their web but can’t get any thing ???

you need to look for a very basic naming convention which is in use in nearly any domain environment.

Type your comment> @idevilkz said:

can someone please tell me how to download files onto my kali system from evil.
I am using download filename, it says successful however nothing appears. I also tried adding /home/foo/bar but no joy.

For what it is worth, for me putting the paths in the command to start evil did me no good. I just used “download fileNameOnTarget fileNameOnKali” and the file was placed on my Kali box in the directory from which I ran evil to connect.

Type your comment> @pagal said:

Can anyone please help me i tried to find the user’s with basic tools but can’t find any thing i also try with team member’s name in their web but can’t get any thing ???

If you have not already, read through all of the existing comments. There are some extremely helpful hints on pages 4, 5, and 7.

The key is finding the right tools. Googling “active directory enumeration kali” may be helpful.

And, don’t over think it. @somecanadian was kind enough to remind me, and that simple statement got me to “root” after days of hitting my head against the wall because I was really overcomplicating it.

Hey all, might’ve remade the wheel here but I wrote a Python script for generating usernames. Should be pretty useful for this box. Check it out - GitHub - dpdug4n/UserNameListGenerator: Generates a list of usernames based off of common naming conventions.

Type your comment> @Kolisar said:

Type your comment> @idevilkz said:

can someone please tell me how to download files onto my kali system from evil.
I am using download filename, it says successful however nothing appears. I also tried adding /home/foo/bar but no joy.

For what it is worth, for me putting the paths in the command to start evil did me no good. I just used “download fileNameOnTarget fileNameOnKali” and the file was placed on my Kali box in the directory from which I ran evil to connect.

thanks. I must be doing something basic wrong.
I have generated the .zip within Documents folder.
I am typing download filename.zip fn.zip

it tells me check filenames or path???

can i get some format help with the cat or the rip? anyone anyone…buller :smile:

Type your comment> @idevilkz said:

Type your comment> @Kolisar said:

Type your comment> @idevilkz said:

can someone please tell me how to download files onto my kali system from evil.
I am using download filename, it says successful however nothing appears. I also tried adding /home/foo/bar but no joy.

For what it is worth, for me putting the paths in the command to start evil did me no good. I just used “download fileNameOnTarget fileNameOnKali” and the file was placed on my Kali box in the directory from which I ran evil to connect.

thanks. I must be doing something basic wrong.
I have generated the .zip within Documents folder.
I am typing download filename.zip fn.zip

it tells me check filenames or path???

Hmmm… that is odd. If filename.zip is the file on Sauna you are trying to download your kali box, that should work. Try making your evil connection without any of the “path” options.

There is a really manual way to get the file across if the evil download won’t work.
PM me if the download doesn’t work and I’ll explain.

Type your comment> @idevilkz said:

can someone please tell me how to download files onto my kali system from evil.
I am using download filename, it says successful however nothing appears. I also tried adding /home/foo/bar but no joy.

You might try running ‘sudo updatedb’ && locate ‘file you downloaded’ if the download is successful but you can’t find where it dl’d to.

EWi PS C:\Users**> download 20200312101145_***ound.zip
Info: Downloading C:\Users\s
/*****20200312101145_***ound.zip to 20200312101145_BloodHound.zip

Error: Download failed. Check filenames or paths

this is what I get

Type your comment> @johnmflynch said:

can i get some format help with the cat or the rip? anyone anyone…buller :smile:

You should be able to type the command without any arguments and it will tell you the arguments and the format it accepts.

generally, it is commandname -format type -request -ouputfile filename

okay I managed to do it. PM if anyone is struggling on this.

okay it gets interesting now. I have got the .zip file and checked it. I can see there are kerberoastable users in there however they don’t kerberoast.
what am I missing ?

I got root thanks to the suggestions on this forum, but I don’t know why.
I’m pretty bad at windows (and in general), so I do not understand what’s the difference bewteen the second user (sr) and the first user (fh) that allows the second user to get the interesting information.
I’d also like to understand how should have I found out about this without reading the forum (and possibly without using the dog).
Could anybody please be so kind to PM me an explanation for this?

Thank you very much!

@ComandanteRed PM sent

Type your comment> @VbScrub said:

@ComandanteRed PM sent

Thank you for taking the time, really appreciate it!

Rooted, and feeling pretty chuffed with myself getting this one as I didn’t need to ask for help.

(edit - just re-read this, and wow, it really wasn’t meant come off so boastful… Sauna was my 5th Windows machine, but only the first one I’ve managed to do just from knowledge recently gained, and reading info in this thread…)

OK, so with a helping hand from @idevilkz I managed to get up to using a bad/evil tool.
I walked the dog, downloaded the subsequent file and loaded it in the dog program, it shows me users/computers/etc in the DB Information window and I’ve even manually looked at the JS** files and they have information

But any query I try and run, its a blank screen. Has anyone had this issue before?


Edit, so I did some more enumeration and ran G******.py and found a family member. But the script tells me the clock Skew is too much. What is the best way of fixing it that it doesn’t ■■■■■■ anything else up?

Edit*:

I really have no idea what is going on right now:

Target Host:

C:\Users*\Documents> net time
Current time at \
.
.* is 3/12/2020 8:54:53 PM

The command completed successfully.

My Kali Machine:

mechs@kali:~$ date
Thu 12 Mar 20:54:07 GMT 2020

I keep getting “Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)”

Nmap Check

Host script results:
|clock-skew: 6h59m36s
| smb2-security-mode:
| 2.02:
|
Message signing enabled and required
| smb2-time:
| date: 2020-03-13T03:30:43 (this was a few minutes before, ignore the minutes)
|_ start_date: N/A

Bnaging my head here! No idea what timezone is being used

Type your comment> @mechs85 said:

OK, so with a helping hand from @idevilkz I managed to get up to using a bad/evil tool.
I walked the dog, downloaded the subsequent file and loaded it in the dog program, it shows me users/computers/etc in the DB Information window and I’ve even manually looked at the JS** files and they have information

But any query I try and run, its a blank screen. Has anyone had this issue before?


Edit, so I did some more enumeration and ran G******.py and found a family member. But the script tells me the clock Skew is too much. What is the best way of fixing it that it doesn’t ■■■■■■ anything else up?

Edit*:

I really have no idea what is going on right now:

Target Host:

C:\Users*\Documents> net time
Current time at \
.
.* is 3/12/2020 8:54:53 PM

The command completed successfully.

My Kali Machine:

mechs@kali:~$ date
Thu 12 Mar 20:54:07 GMT 2020

I keep getting “Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)”

Nmap Check

Host script results:
|clock-skew: 6h59m36s
| smb2-security-mode:
| 2.02:
|
Message signing enabled and required
| smb2-time:
| date: 2020-03-13T03:30:43 (this was a few minutes before, ignore the minutes)
|_ start_date: N/A

Bnaging my head here! No idea what timezone is being used

advice to all on this box… kerberos its the hard road… did you know? there is a lot of snakes in this world.

Sorry all it was my shiity load of BackBox the hash and rip wasnt working. spun up my kali virtual and bingo all is golden