hello i was wondering if you can help me with sauna.I found usernames in site but dont know what to do next...
Hey I was wondering if you could help me out on forest? I'm stuck trying to get root by using secretsdump.py but keep getting access denied. I've created a user and put them in both exchange groups. I've also used powersploit to grant dcsync privs.
Can you help me on foothold on Sauna machine?
I am trying this
smbmap -H 10.10.10.175 -u user
Am I using the right tool?
Hello, Hope u doing well m8. I was going through nest. After some time enumerating, I don't dare say I have enumerated everything. but, I found the creds in the weird b64 format. Also, found the file that mentions utf8-bom. I even found the hidden directories using the weird service on port 4386.I also found the new text file and the todo file. However, I am still unable to crack the b64 password. I tried padding it , Different b64 decoding characters schemes , but to no avail. A nudge would be much appreciated.
Hey, hope you are doing great !!!
I am stuck on user for sauna, Out of many possible users and keywords found only Sauna to be a valid username, but even it is not ASREPRoastable.
Any nudge in the right direction would be a life saver. Thanks
Can you tell if http://10.10.10.151/blog/?lang=\10.10.. to access smb share is the right command for foothold as for me this is not working.
Regarding Forest machine:
This is my first windows box as I just started on HTB
I tried to get username list via ldapserach and nmap smb-enumusers, but ldapserach gave me one extra user than smb-enumuser
(ldapserach gave many users including sebastien)
I started bruteforcing password for following users using auxilary/scanner/winrm/winrm_login
on both port 5985 and 47001 using dc as htb.local , but no luck
smbclient and smbmap not working for me
Any guidance or tip will be greatly appreciated
I was hoping to get some password, then using winrm, login to the box and get user.txt and then try privilege escalation