[som3rAnd0m]

its already in, how many users do you got on your usersfile? any service accounts? the only hash i got was from e.tylar with impacket-getNPUsers (uncrackable)

I have 2 users, one is e.tylar and other is j.bret and also did you do the clouded fullpwn

i didn't made clouded, u done apolo?

---

same as me, u already pwned user.txt?

Did you try to decompile the HealthCheck.exe file ,cause  I think it has something to do with it

where is it?

Yeah I completed Appolo and that HealthCheck.exe is on the desktop of j.bret

i don't even have a shell on freedom lol, but i can help with reversing if you need

You have creds of j.bret right?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[eunaosei]

I have 2 users, one is e.tylar and other is j.bret and also did you do the clouded fullpwn

i didn't made clouded, u done apolo?

---

Did you try to decompile the HealthCheck.exe file ,cause  I think it has something to do with it

where is it?

Yeah I completed Appolo and that HealthCheck.exe is on the desktop of j.bret

i don't even have a shell on freedom lol, but i can help with reversing if you need

You have creds of j.bret right?

not yet, how do i get them?

[som3rAnd0m]

i didn't made clouded, u done apolo?

---

where is it?

Yeah I completed Appolo and that HealthCheck.exe is on the desktop of j.bret

i don't even have a shell on freedom lol, but i can help with reversing if you need

You have creds of j.bret right?

not yet, how do i get them?

In a text file add the names e.tylar and j.bret ,
then in the /etc/hosts file edit the file with :
<Machine IP>      freedom.htb dc1.freedom.htb
now on the same directory as the text file where you save the usernames use the below command:
impacket-GetUserSPNs -no-preauth e.tylar -request -usersfile usernames.txt -dc-ip "<Machine IP>" -target-domain freedom.htb  freedom.htb/

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[KK1234]

Can you tell what should be done for solve apolo ? i saw smtp is up

[som3rAnd0m]

Can you tell what should be done for solve apolo ? i saw smtp is up

use this in the flowise url Api/v1/credentials
It will then give you some id
Then you need to keep it as `Api/v1/credentials?<That id>`

If you want you can see this one https://www.exploit-db.com/exploits/52001

After you get the credential it should be pretty easy for you to get user.txt and even more easy privesc "to copy" root.txt

Also I did this yesterday morning so I don't remember the exact details of it

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[eunaosei]

In /etc/hosts file add dc1.freedom.htb too after freedom.htb And also use the command sudo ntpdate -u freedom.htb

its already in, how many users do you got on your usersfile? any service accounts? the only hash i got was from e.tylar with impacket-getNPUsers (uncrackable)

I have 2 users, one is e.tylar and other is j.bret and also did you do the clouded fullpwn

same as me, u already pwned user.txt?

Did you try to decompile the HealthCheck.exe file ,cause  I think it has something to do with it

seems that we can append a string to a system call, but i don't know how

[ZzXx2020]

this may help you

https://www.youtube.com/watch?v=oUIoH4yBT3k

[som3rAnd0m]

this may help you

https://www.youtube.com/watch?v=oUIoH4yBT3k

Hey Thanks,but I already finished that part and got user.txtand trying for root.txt ,can you help me if you have done it

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[0xfoxy]

can anyone help in finding its root

Hey bro, how did you manage to grab the user.txt file when the hashes are unbreakable?

Watch carefully the ippsec rebound machine video(first part)

Did anyone get root?, still stuck))

---

can anyone help in finding its root

Hey bro, how did you manage to grab the user.txt file when the hashes are unbreakable?

Watch carefully the ippsec rebound machine video(first part)

Did anyone get root?, still stuck))

[eunaosei]

can anyone help in finding its root

Hey bro, how did you manage to grab the user.txt file when the hashes are unbreakable?

Watch carefully the ippsec rebound machine video(first part)

Did anyone get root?, still stuck))

---

can anyone help in finding its root

Hey bro, how did you manage to grab the user.txt file when the hashes are unbreakable?

Watch carefully the ippsec rebound machine video(first part)

Did anyone get root?, still stuck))

what have you tried so far? still no luck here too