[D347H]

i got DC01$::MANAGER:17ed3a8cf .. ntlm but i dont success to crack it

any hint on next step please?

[M4RCK]

i got DC01$::MANAGER:17ed3a8cf .. ntlm but i dont success to crack it
 

any hint on next step please?

I stopped after getting users what have you done to get it?

[D347H]

i got DC01$::MANAGER:17ed3a8cf .. ntlm but i dont success to crack it
 

any hint on next step please?

I stopped after getting users what have you done to get it?

spray users

[M4RCK]

i got DC01$::MANAGER:17ed3a8cf .. ntlm but i dont success to crack it
 

any hint on next step please?

I stopped after getting users what have you done to get it?

spray users

I have already list of users but I can't get hashes and e.t.c

---

i got DC01$::MANAGER:17ed3a8cf .. ntlm but i dont success to crack it
 

any hint on next step please?

I stopped after getting users what have you done to get it?

spray users

Check PM please

[peRd1]

spray users

But they don't have UF_DONT_REQUIRE_PREAUTH set.

[0Pain]

i got DC01$::MANAGER:17ed3a8cf .. ntlm but i dont success to crack it

any hint on next step please?

pass the hash? dont think you need to crack ntlms. windows work with hashes,

[chillywilly]

its netntlmv2 not ntlm

[1145141919810]

[-] Kerberos SessionError: KDC_ERR_C_PRINCIPAL_UNKNOWN(Client not found in Kerberos database)
[-] Kerberos SessionError: KDC_ERR_C_PRINCIPAL_UNKNOWN(Client not found in Kerberos database)
[-] Kerberos SessionError: KDC_ERR_C_PRINCIPAL_UNKNOWN(Client not found in Kerberos database)
[-] User DC01$ doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] Kerberos SessionError: KDC_ERR_C_PRINCIPAL_UNKNOWN(Client not found in Kerberos database)
[-] Kerberos SessionError: KDC_ERR_C_PRINCIPAL_UNKNOWN(Client not found in Kerberos database)
[-] Kerberos SessionError: KDC_ERR_C_PRINCIPAL_UNKNOWN(Client not found in Kerberos database)
[-] User Zhong doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User Cheng doesn't have UF_DONT_REQUIRE_PREAUTH set
[-] User Ryan doesn't have UF_DONT_REQUIRE_PREAUTH set

it shows this Could you give me some tips for what to do next. thank

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Hacked | Change your password or Contact us via https://breachforums.ai/contact if you feel this is incorrect or file appeal.

[krepe]

i got DC01$::MANAGER:17ed3a8cf .. ntlm but i dont success to crack it

any hint on next step please?

I have the same problem, how did u find the ntlm hash?

---

i got DC01$::MANAGER:17ed3a8cf .. ntlm but i dont success to crack it
 

any hint on next step please?

I stopped after getting users what have you done to get it?

spray users

I have already list of users but I can't get hashes and e.t.c

---

i got DC01$::MANAGER:17ed3a8cf .. ntlm but i dont success to crack it
 

any hint on next step please?

I stopped after getting users what have you done to get it?

spray users

Check PM please

Can i also get some hints plz?

mssql 
password reuse for one of the users 
xp_dirtree for the hash

that hash doesn't really get you anywhere
after you use the info above and get mssql session
check the www directory, youll have enough info for user

[Miisaki]

User: 
1. Use Crackmapexec to get a list of users via RID bruteforcing

crackmapexec smb manager.htb -u 'anonymous' -p '' --rid-brute

2. You should have the following users:

• Zhong
  
• Cheng
  
• Ryan
  
• Raven
  
• JinWoo
  
• ChinHae
  
• Operator
  

The "Operator" account looks interesting. Try to guess the password.
Hint:

#!/usr/bin/python3

f = open('users-plain.txt', 'r')
users = ''.join(f)

print(users.lower())

f.close()

3. "Operator" can login to the MSSQL server. Use this syntax:

impacket-mssqlclient -p 1433 -windows-auth -dc-ip 10.10.11.236 "manager.htb/Operator:<password>"@10.10.11.236

4. There is a special stored procedure that lets you traverse the filesystem via MSSQL. Use that to explore an attack surface you thought wasn't exploitable. 

5. Download that interesting archive and see where it takes you