TUTORIAL apt.htb
by ARhOmOuTEd - November 02, 2020 at 04:46 PM
#61
(November 30, 2020 at 09:24 PM)runos Wrote:
(November 30, 2020 at 08:13 PM)chernakotka Wrote: @runos

This is how 

https://airbus-cyber-security.com/the-ox...ntication/

Thanks. It says this "Only Windows machines with the version 5.6 of DCOM Remote Protocol can be abused. This version occurred in June 2008."

But it also says "Please see below results in Figure 6 of the tool when targeting a Windows 10 Pro version 1909:"

So this technique works on all Windows machines basically?

I didn't understand how this article is doing it.
#62
(December 01, 2020 at 08:46 AM)shiggy100 Wrote: crackmapexec seems to have problems with IPV6?

crackmapexec --verbose smb box.htb -u henry.vinson -H 2de80758521541d19cabba480b260e8f -d htb.local

Error: Error resolving hostname box.htb: [Errno -2] Name or service not known

And yes, box.htb is resolving to the IPv6 address

doesn't really work. Any suggestions?

thanks for every helpful answer.

contact me via PM, there is a fix to that
#63
(January 02, 2021 at 10:58 PM)CaptH00k Wrote: Here are the steps I took to get root in APT. I used the idea posted in one of the threads about this machine, but I could not find it right now, so I cannot give credit. Sorry about that.

I have no idea if this is the intended way, but it was my way. =D


[Hidden Content]

Thanks bro for the sharing!!!
#64
any nudge for root part please
#65
Am struggling to get APT to call my machine using LocalSystem, any more hints?
#66
(November 02, 2020 at 04:46 PM)ARhOmOuTEd Wrote: Someone an idea on apt.htb?

There is only port 80 and 135 open.

enum more pro, there is an IPv6 and you need to enum it
#67
(February 04, 2021 at 09:57 PM)christianr Wrote: Am struggling to get APT to call my machine using LocalSystem, any more hints?

Hi, did you solve this issue? I am struggling as well.
#68
(February 06, 2021 at 03:42 PM)crankypuma Wrote:
(February 04, 2021 at 09:57 PM)christianr Wrote: Am struggling to get APT to call my machine using LocalSystem, any more hints?

Hi, did you solve this issue? I am struggling as well.

just a little hint - https://github.com/Gl3bGl4z/All_NTLM_leak
#69
Quote:1) get IPV6
2) smbclient connect to it and get backup.zip
3) crack zip with rockyou.txt
4) run secretsdump.py (impacket) on ntds.dit
5) run kerbrute to find valid users
6) make a list of hashes
7) use crackmapexec -H hashes.txt

How do you use secretsdump on ntds without having a SYSTEM file?
#70
(February 11, 2021 at 10:37 PM)angel4444 Wrote:
Quote:1) get IPV6
2) smbclient connect to it and get backup.zip
3) crack zip with rockyou.txt
4) run secretsdump.py (impacket) on ntds.dit
5) run kerbrute to find valid users
6) make a list of hashes
7) use crackmapexec -H hashes.txt

How do you use secretsdump on ntds without having a SYSTEM file?
When you unzip the backup file, you obtain the SYSTEM and SECURITY files.

(February 02, 2021 at 10:47 PM)Harackno Wrote:
(January 02, 2021 at 10:58 PM)CaptH00k Wrote: Here are the steps I took to get root in APT. I used the idea posted in one of the threads about this machine, but I could not find it right now, so I cannot give credit. Sorry about that.

I have no idea if this is the intended way, but it was my way. =D


[Hidden Content]

Thanks bro for the sharing!!!
thanks for sharing bro

Thanks for sharing these steps bro

Evil-WinRM, that command saves my life, thanks a lot
#71
(December 01, 2020 at 08:46 AM)shiggy100 Wrote: crackmapexec seems to have problems with IPV6?

crackmapexec --verbose smb box.htb -u henry.vinson -H 2de80758521541d19cabba480b260e8f -d htb.local

Error: Error resolving hostname box.htb: [Errno -2] Name or service not known

And yes, box.htb is resolving to the IPv6 address

doesn't really work. Any suggestions?

thanks for every helpful answer.

Install crackmapexec from sources with poetry
      #~ apt-get install -y libssl-dev libffi-dev python-dev build-essential
      #~ git clone --recursive https://github.com/byt3bl33d3r/CrackMapExec
      #~ cd CrackMapExec 
      #~ poetry install
      #~ poetry run crackmapexec

You need to modify the crackmapexec connections.py file to accept IPv6. These would be the changes: add the following function to the code and replace the corresponding invocation line.


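import socket

def gethost_addrinfo(hostname):
    # Try IPv6 first; getaddrinfo raises gaierror if the name has no IPv6 address.
    try:
        for res in socket.getaddrinfo(hostname, None, socket.AF_INET6,
                socket.SOCK_DGRAM, socket.IPPROTO_IP, socket.AI_CANONNAME):
            af, socktype, proto, canonname, sa = res
    except socket.gaierror:
        # Fall back to IPv4 when IPv6 resolution fails.
        for res in socket.getaddrinfo(hostname, None, socket.AF_INET,
                socket.SOCK_DGRAM, socket.IPPROTO_IP, socket.AI_CANONNAME):
            af, socktype, proto, canonname, sa = res

    # sa is the sockaddr tuple of the last result; its first element is the address string.
    return sa[0]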

Remove:
     self.host = gethostbyname(self.hostname)
Add:
     self.host = gethost_addrinfo(self.hostname)
#72
Anyone know an online service that could crack an NTLM hash for free? Tried crypt.sh, but it didn't return anything.
