|
TheFrizz Hack the Box Season 7 (Windows Medium)
by RedBlock - Saturday March 15, 2025 at 03:36 PM
|
|
Mar 16, 2025, 12:07 AM
(Mar 15, 2025, 11:59 PM)AbsolutelyMadProc Wrote: There's a 7z file in Recycle Bin that contains the password for M.Schoolbus. The user has WriteGPLInk perms over Class_FRIZZ and DOMAIN CONTROLLERS. Haven't looked into exploitation yet I just got something out there I think next steop is paswword spray? [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("STRING"))
Mar 16, 2025, 12:24 AM
got problems with the gssapi too .. i m trying to cofigure krbr5.conf
[realms] FRIZZ.HTB = { kdc = frizzdc.frizz.htb admin_server = frizzdc.frizz.htb default_domain = frizz.htb }
Mar 16, 2025, 12:27 AM
(Mar 16, 2025, 12:24 AM)cavour13 Wrote: got problems with the gssapi too .. i m trying to cofigure krbr5.conf take this: [libdefaults] default_realm = FRIZZ.HTB dns_lookup_realm = false dns_lookup_kdc = false [realms] FRIZZ.HTB = { kdc = frizzdc.frizz.htb admin_server = frizzdc.frizz.htb } [domain_realm] .frizz.htb = FRIZZ.HTB frizz.htb = FRIZZ.HTB
Mar 16, 2025, 12:34 AM
exactly what i did before with no luck.. i m sure to got the ccache and command is evil-winrm -i ip -r frizz.htb -k ccache
that's couse i omissed all the other parts
Mar 16, 2025, 12:40 AM
(Mar 16, 2025, 12:34 AM)cavour13 Wrote: exactly what i did before with no luck.. i m sure to got the ccache and command is evil-winrm -i ip -r frizz.htb -k ccache R U using release arena? I didn't cope with public machines (tried several of them), then switched to RA. Works well.
Mar 16, 2025, 12:44 AM
Yeah i m on release arena 10.129 ones
Mar 16, 2025, 12:44 AM
krb5.conf
[libdefaults] default_realm = FRIZZ.HTB dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true proxiable = true [realms] FRIZZ.HTB = { kdc = frizzdc.frizz.htb admin_server = frizzdc.frizz.htb default_domain = frizz.htb } [domain_realm] .frizz.htb = FRIZZ.HTB frizz.htb = FRIZZ.HTB sudo ntpdate 10.10.11.60 getTGT.py frizz.htb/f.frizzle export KRB5CCNAME=f.frizzle.ccache ssh f.frizzle@10.10.11.60 This work for me
Mar 16, 2025, 12:46 AM
I did:
faketime "$(ntpdate -q frizz.htb | awk '{print $1" "$2}')" zsh impacket-getTGT frizz.htb/m.schoolbus:'PASSWORD' -dc-ip frizzdc.frizz.htb export KRB5CCNAME=m.schoolbus.ccache evil-winrm -i frizzdc.frizz.htb -r frizz.htb -k m.schoolbus.ccache
Mar 16, 2025, 12:50 AM
in my case no i tried also you exact command LOL
i generated week f.frizzle.ccache exported then ssh says about gssapi permission denied and also with winrm  i will reboot the istacen i m 100% certain it's a server fault
Mar 16, 2025, 12:54 AM
(Mar 16, 2025, 12:50 AM)cavour13 Wrote: in my case no i tried also you exact command LOL Did you uodate your time to match the server ? sudo ntpdate -s SERVER_IPThis forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching. |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| Hack the box Pro Labs, VIP, VIP+ 1 month free Method | 25 | 2,506 |
5 hours ago Last Post: cry_elite |
||
| CBBH Write Ups | 25 | 6,557 |
5 hours ago Last Post: cry_elite |
||
| [FREE] CPTS 12 FLAGS | 84 | 2,895 |
5 hours ago Last Post: justhelpmefly |
||
| [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags | 33 | 3,081 |
5 hours ago Last Post: justhelpmefly |
||
| [FREE] HackTheBox Academy - CAPE Path Study | 44 | 4,419 |
6 hours ago Last Post: useryuserx |
||
