Posts: 25
Threads: 0
Joined: Sep 2023
(Oct 22, 2023, 03:19 PM)ctfenjoyer3218 Wrote: I'm getting this error on the -issue-request
[-] Got access denied trying to issue certificate
Can someone help me with this?
if u add me on discord i will help u. please pm to me
lineeralgebra#7836 This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Posts: 6
Threads: 0
Joined: Apr 2026
(Oct 22, 2023, 03:19 PM)ctfenjoyer3218 Wrote: I'm getting this error on the -issue-request
[-] Got access denied trying to issue certificate
Can someone help me with this?
Nevermind, I got it, I just needed to do it faster, lol This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Contact Administration.
Posts: 3
Threads: 0
Joined: Oct 2023
(Oct 22, 2023, 06:35 AM)fl0werbomb Wrote: User:
1. Use Crackmapexec to get a list of users via RID bruteforcing
crackmapexec smb manager.htb -u 'anonymous' -p '' --rid-brute
2. You should have the following users:
- Zhong
- Cheng
- Ryan
- Raven
- JinWoo
- ChinHae
- Operator
The "Operator" account looks interesting. Try to guess the password.
Hint:
#!/usr/bin/python3
f = open('users-plain.txt', 'r')
users = ''.join(f)
print(users.lower())
f.close()
3. "Operator" can login to the MSSQL server. Use this syntax:
impacket-mssqlclient -p 1433 -windows-auth -dc-ip 10.10.11.236 "manager.htb/Operator:<password>"@10.10.11.236
4. There is a special stored procedure that lets you traverse the filesystem via MSSQL. Use that to explore an attack surface you thought wasn't exploitable.
5. Download that interesting archive and see where it takes you 
how to download the archive from this utility "]impacket-mssqlclient" ?
Posts: 6
Threads: 0
Joined: Aug 2023
(Oct 22, 2023, 06:35 AM)fl0werbomb Wrote: User:
1. Use Crackmapexec to get a list of users via RID bruteforcing
crackmapexec smb manager.htb -u 'anonymous' -p '' --rid-brute
2. You should have the following users:
- Zhong
- Cheng
- Ryan
- Raven
- JinWoo
- ChinHae
- Operator
The "Operator" account looks interesting. Try to guess the password.
Hint:
#!/usr/bin/python3
f = open('users-plain.txt', 'r')
users = ''.join(f)
print(users.lower())
f.close()
3. "Operator" can login to the MSSQL server. Use this syntax:
impacket-mssqlclient -p 1433 -windows-auth -dc-ip 10.10.11.236 "manager.htb/Operator:<password>"@10.10.11.236
4. There is a special stored procedure that lets you traverse the filesystem via MSSQL. Use that to explore an attack surface you thought wasn't exploitable.
5. Download that interesting archive and see where it takes you
Can you tell me which stored procedure it is? I don't think what I tried was authorized to try.
Posts: 1
Threads: 0
Joined: Sep 2023
(Oct 23, 2023, 01:56 AM)mqldmls Wrote: (Oct 22, 2023, 06:35 AM)fl0werbomb Wrote: User:
1. Use Crackmapexec to get a list of users via RID bruteforcing
crackmapexec smb manager.htb -u 'anonymous' -p '' --rid-brute
2. You should have the following users:
- Zhong
- Cheng
- Ryan
- Raven
- JinWoo
- ChinHae
- Operator
The "Operator" account looks interesting. Try to guess the password.
Hint:
#!/usr/bin/python3
f = open('users-plain.txt', 'r')
users = ''.join(f)
print(users.lower())
f.close()
3. "Operator" can login to the MSSQL server. Use this syntax:
impacket-mssqlclient -p 1433 -windows-auth -dc-ip 10.10.11.236 "manager.htb/Operator:<password>"@10.10.11.236
4. There is a special stored procedure that lets you traverse the filesystem via MSSQL. Use that to explore an attack surface you thought wasn't exploitable.
5. Download that interesting archive and see where it takes you
how to download the archive from this utility "]impacket-mssqlclient" ?
you can't download it via mssql, but you can use xp_dirtree to traverse the filesystem. What you want is in the root of the website.
Posts: 1
Threads: 0
Joined: Oct 2023
(Oct 22, 2023, 03:55 PM)ctfenjoyer3218 Wrote: (Oct 22, 2023, 03:19 PM)ctfenjoyer3218 Wrote: I'm getting this error on the -issue-request
[-] Got access denied trying to issue certificate
Can someone help me with this?
Nevermind, I got it, I just needed to do it faster, lol
I am running the commands quickly from a bash script, still getting the [-] Got access denied trying to issue certificate, I have already synced time with the DC
Posts: 57
Threads: 2
Joined: Aug 2023
Hi everybody. How to download backup zip file? Thanks advance
Posts: 8
Threads: 0
Joined: Aug 2023
Hi, i managed to obtain the administrator.pfx file, now what should i do?
i tried pfx2john and that john but nothing works
Posts: 1
Threads: 0
Joined: Oct 2023
(Oct 23, 2023, 02:04 PM)CiccioFa Wrote: Hi, i managed to obtain the administrator.pfx file, now what should i do?
i tried pfx2john and that john but nothing works
Get TGT using the requested certificate ?
Good brother, how did you get administrator.pfx ?
Posts: 8
Threads: 0
Joined: Aug 2023
(Oct 23, 2023, 02:11 PM)ssp Wrote: (Oct 23, 2023, 02:04 PM)CiccioFa Wrote: Hi, i managed to obtain the administrator.pfx file, now what should i do?
i tried pfx2john and that john but nothing works
Get TGT using the requested certificate ?
Good brother, how did you get administrator.pfx ?
I followed the instruction on hacktricks
|
