this guys brain is absolutely massive

Its going to take me forever to get anywhere near this level of knowledge of all the systems and commands

I was doing the box last night. I finished it myself. I make a habit of then looking at writeups to learn anything new... going back to last night, I spent an hour going through they SMB shares manually. Good times.

Could you one day do a video on how you set up your kraken box? I've been thinking about setting up something similar in AWS

I saw this misconfiguration in a environment and thanx for showing your approach , helped me create proper blue-team detection rules.. As well as creating a honeytoken account and just removing all the logon hours!

9:01 smbmap -R (capital R is no longer in latest Kali version). Only -r (lowercase r) is available

I just grabbed the flag thru SMB actually. Never did PSexec, but would have been fun to do it that way.

So helpful, thanks a ton as always!! Was looking forward to this video from you! I'm in my OSCP labs right now and the Windows machines are definitely the hardest with the least info out. Thanks again!!!

running bloodhound-python remotely in Linux would give the same result but thanks though for the great walkthrough!

For anybody getting an error with smbmap and updatedb make sure you are running root or sudo on the command.

So complicated and advanced but it's very informative

hey what happend to the premire thing ?! found it helpful & cool that we could ask you questions!

This is why you don't use domain administrator accounts to run Kerberos services! The hash of any kerberos service account can be collected via the kerberoasting he does, so ideally every service account has a strong password and follows the principle of least privilege.

hey there Ipp, I've got a question. How did you know that in order to decrypt the password you need to use the gppdecrypt program. I mean I know that you've done these boxes before, but even then, is it identifiable just by looking at it?

Hi @IppSec Do you mind if you can share the specs of your kraken ? I saw you were running 4 GPUs, does hashcat auto-detects these GPUs ?

Hi, I know this is an old video but since you are still active. Could you make the font larger in the terminal. I watch your videos on my phone and it's really hard to read. Great content though

I got results from smbclient and can even get into shares folder but smbmap didn't show anything not even shared folders. It says Access Denied. Why it behaves like that?

Great video, thank you!

This box was pretty cool.

I think on that dns issue on the windows box you could change the binding order on the nic but could be wrong

anyone in oscp should watch this video

8:21, look below, its telling u which shares are open!

I dont know what is wrong with this box, ive reverted the box and typing smbclient -L //10.10.10.100 -N to list shares but it doesnt give me a list of shares. It says protocol negotiation failed: NT_STATUS_CONNECTION_RESET.

How would one go about with the Bloodhound step using kali instead of windows?

That's odd, I was able to psexec (the .py version from impacket) to Admin perms with the SVC_TGS. Still a great BloodHound tutorial though!

What's the hardware specification of your kracken machine

when I scan using the same nmap command (-sV and -sC) it says all ports are filtered and doesn't give any version information :/

Thanks

What's the difference between xargs grep and just piping to grep?

Hello, i want to prevent from using ldapsearch or other tools to enumeration ldap on Domain. can you guide me how to prevent it?

I did this box without bloodhound I just did kerberoasting after I got the password.

wondering that how this box is an easy one lol, i have to watch video 3 times in a row in order to just understand what is even happening. Anyways thanks for the video #windowsBoxesSucks

That's awesome..

Anybody knows why I do not see groups.xml file? Neither when I list files/directories using smbmap nor when I am searching for file itself: smbmap -R Replication -H 10.10.10.100 -A Groups.xml ?

What if smb is still complaining with NT_STATUS_INVALID_INFO_CLASS listing \* ? Thanks

Just one thing: how can you tell that the administrator is kerberoastable by watching the graph in bloodhound ? Cause I see you've got the node admnistrator and the node dc.active.htb.

Is it possible to connect to the windows machine from Linux, as a non admin user, having the password in plaintext, without RDP enabled?

I full screened this at 07:30 before leaving for work, fell asleep at the computer, and woke up with the fear cause I thought it was 11:04am. Forgot I full screened it lol

Hello IppSec! man, got hooked with hackthebox, fantastic way to learn about pentesting, trying to clear all the easy ones first and then move on into harder stuff. I have been getting the same error over and over and for some reason i don't find an answer to it, when i run ms17_010_eternalblue to try to gain access to a windows box i always get the same message: [*] Started reverse TCP handler on 10.10.15.10:4444 [*] 10.10.10.161:445 - Connecting to target for exploitation. [+] 10.10.10.161:445 - Connection established for exploitation. [!] 10.10.10.161:445 - Target OS selected not valid for OS indicated by SMB reply [!] 10.10.10.161:445 - Disable VerifyTarget option to proceed manually... [-] 10.10.10.161:445 - Unable to continue with improper OS Target. [*] Exploit completed, but no session was created. Hope you see this, Thanks for what you do man.

any ideas why dns recon keeps maxing out my ram, then overflowing into swap memory and completely freezing my Linux vm? I have upped my ram on my Kali VM to 16gigs and whenever I run dnsrecon it keeps using more and more ram until it maxes it out and completely freezes the virtual machine until I shut it down and start it up again. This can't be normal can it? Appreciate all the videos!

This box is one in the row i couldn't resolve (:

Getting a user on this was pretty easy , but root was way difficult if you dont have AD exp :-)

nmap scan says all ports are filtered for me with same setup

getadusers asking for import version tried many way but didn't get results yet

I failed to get root ☹️ Thanks for the video ippsec 😊

I think there's a way to specify DNS in sharphound

Could you make a walkthrough on smasher ? I want to see your approach to it.

Hi can u send link to video where configure Bloodhound?

holy shit.... 4 1080's....

smbmap -H 10.10.10.100 works fine. Why is this happening?

Hold me accountable yall!!!

Very difficult

hello dear, I have been trying to enumerate Kioptrix1 (which is running samba 2.2.1a) using "smbclient -L host", however, I'm getting NT_SATATUS_IO_TIMEOUT error. I looked at the Wireshark output, I found out that the server (Kioptrix) is not responding to the "Negotiate Protocol Request" packet sent by the client. Please I need your help! Thank you in advance.

For anyone getting "Authentication Error" when running smbmap. There are some python packages that need to be installed/updated. See "Install Requirements" section at github.com/ShawnDEvans/smbmap

Do you solve machines in a VM? If so , why?

i though this box was boring

-DNSServer 3.2.1.1

can you speak little bit slowly? :-)

I don't see the Groups.xml on the share.