Posts: 78 Threads: 0 Joined: N/A September 20, 2022 at 4:25 AM (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 04:20 AM)samhub123 Wrote: (September 20, 2022, 03:49 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 02:41 AM)Hacker2222 Wrote: (September 20, 2022, 01:48 AM)samhub123 Wrote: (September 20, 2022, 01:27 AM)Hacker2222 Wrote: try writeable dirs in %WINDIR% not in exeption list
I did a icacls on C:\windows\* and also checked whoami /groups but i dont see anything that has modify permissions.
just google writeable dirs on %WINDIR% and look at exeptions . u can have write on dirs within dirs.....
i think i stepped on my own feet while trying to keep the commands as short as possible. it turns out for start-process to run an exe, the file extension actually matters....
what payload are you compiling into the bypass? it is the original github repo mentioned before in the thread, just changed the ip to your ip and prepare a ps payload * compile * upload to a subdir under one of the %WINDIR% on the exception list, you can spot by looking at the timestamp * add full access rights * trigger Posts: 57 Threads: 0 Joined: N/A September 20, 2022 at 4:40 AM Okay, i did things slightly different to get a shell
I uploaded a nc binary to the exceptions folder
modified the bypass to run my nc binary reverse shell command
uploaded the bypass to exceptions folder
trigger the bypass
got a shell
update: did initial winpeas enum.
will try to run bloodhound later. Posts: 78 Threads: 0 Joined: N/A September 20, 2022 at 6:45 AM (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 04:40 AM)samhub123 Wrote: Okay, i did things slightly different to get a shell
I uploaded a nc binary to the exceptions folder
modified the bypass to run my nc binary reverse shell command
uploaded the bypass to exceptions folder
trigger the bypass
got a shell
update: did initial winpeas enum.
will try to run bloodhound later. i've done those, you may grab the results from wc-share if the box hasn't been reset Posts: 57 Threads: 0 Joined: N/A September 20, 2022 at 8:54 AM (September 20, 2022, 06:45 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 04:40 AM)samhub123 Wrote: Okay, i did things slightly different to get a shell
I uploaded a nc binary to the exceptions folder
modified the bypass to run my nc binary reverse shell command
uploaded the bypass to exceptions folder
trigger the bypass
got a shell
update: did initial winpeas enum.
will try to run bloodhound later.
i've done those, you may grab the results from wc-share if the box hasn't been reset I cant do that coz i am on a VIP server with my own box instance. Also tried variod methods but cannot run sharphound and import it coz of Constained language. Used the compiled binary with arguments but still cannot load it. Posts: 78 Threads: 0 Joined: N/A September 20, 2022 at 9:05 AM (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 08:54 AM)samhub123 Wrote: (September 20, 2022, 06:45 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 04:40 AM)samhub123 Wrote: Okay, i did things slightly different to get a shell
I uploaded a nc binary to the exceptions folder
modified the bypass to run my nc binary reverse shell command
uploaded the bypass to exceptions folder
trigger the bypass
got a shell
update: did initial winpeas enum.
will try to run bloodhound later.
i've done those, you may grab the results from wc-share if the box hasn't been reset
I cant do that coz i am on a VIP server with my own box instance.
Also tried variod methods but cannot run sharphound and import it coz of Constained language. Used the compiled binary with arguments but still cannot load it. oh, i see. that's weird, are you running it from an exempted folder? running sharphound binary was pretty straightforward for me Posts: 57 Threads: 0 Joined: N/A September 20, 2022 at 9:33 AM (September 20, 2022, 09:05 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 08:54 AM)samhub123 Wrote: (September 20, 2022, 06:45 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 04:40 AM)samhub123 Wrote: Okay, i did things slightly different to get a shell
I uploaded a nc binary to the exceptions folder
modified the bypass to run my nc binary reverse shell command
uploaded the bypass to exceptions folder
trigger the bypass
got a shell
update: did initial winpeas enum.
will try to run bloodhound later.
i've done those, you may grab the results from wc-share if the box hasn't been reset
I cant do that coz i am on a VIP server with my own box instance.
Also tried variod methods but cannot run sharphound and import it coz of Constained language. Used the compiled binary with arguments but still cannot load it.
oh, i see. that's weird, are you running it from an exempted folder? running sharphound binary was pretty straightforward for me yeah i tried the exe file and when i open the zip in bloodhound it says bad json. Tried multiple times. hence was trying the sharphound.ps1 Posts: 78 Threads: 0 Joined: N/A September 20, 2022 at 9:48 AM (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 09:33 AM)samhub123 Wrote: (September 20, 2022, 09:05 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 08:54 AM)samhub123 Wrote: (September 20, 2022, 06:45 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 04:40 AM)samhub123 Wrote: Okay, i did things slightly different to get a shell
I uploaded a nc binary to the exceptions folder
modified the bypass to run my nc binary reverse shell command
uploaded the bypass to exceptions folder
trigger the bypass
got a shell
update: did initial winpeas enum.
will try to run bloodhound later.
i've done those, you may grab the results from wc-share if the box hasn't been reset
I cant do that coz i am on a VIP server with my own box instance.
Also tried variod methods but cannot run sharphound and import it coz of Constained language. Used the compiled binary with arguments but still cannot load it.
oh, i see. that's weird, are you running it from an exempted folder? running sharphound binary was pretty straightforward for me
yeah i tried the exe file and when i open the zip in bloodhound it says bad json. Tried multiple times. hence was trying the sharphound.ps1 i had the same issue the first time, cause i used the sharphound.exe that came with kali. then i just downloaded the latest version of sharphound.exe, then it worked. i think the version on kali may be outdated.
anyone able to confirm if the scripts under c:\script is a rabbit hole for PE? * c:\script\copy.ps1, not readable * c:\script\usermobile.ps1, runs as scriptrunner, useless * c:\script\setphone.ps1, runs as sekhmet, but not exploitable Posts: 57 Threads: 0 Joined: N/A September 20, 2022 at 9:53 AM (September 20, 2022, 09:48 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 09:33 AM)samhub123 Wrote: (September 20, 2022, 09:05 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 08:54 AM)samhub123 Wrote: (September 20, 2022, 06:45 AM)meowmeowattack Wrote: i've done those, you may grab the results from wc-share if the box hasn't been reset
I cant do that coz i am on a VIP server with my own box instance.
Also tried variod methods but cannot run sharphound and import it coz of Constained language. Used the compiled binary with arguments but still cannot load it.
oh, i see. that's weird, are you running it from an exempted folder? running sharphound binary was pretty straightforward for me
yeah i tried the exe file and when i open the zip in bloodhound it says bad json. Tried multiple times. hence was trying the sharphound.ps1
i had the same issue the first time, cause i used the sharphound.exe that came with kali. then i just downloaded the latest version of sharphound.exe, then it worked. i think the version on kali may be outdated.
anyone able to confirm if the scripts under c:\script is a rabbit hole for PE?
* c:\script\copy.ps1, not readable
* c:\script\usermobile.ps1, runs as scriptrunner, useless
* c:\script\setphone.ps1, runs as sekhmet, but not exploitable i am using both the latert sharphound.exe and bloodhound from git repos. same error. UPDATE: nevermid. Import graph option does not work, but dragging and dropping works. super weird. Could not find a valid PE path using bloodhound :( Posts: 78 Threads: 0 Joined: N/A September 20, 2022 at 10:04 AM (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 09:53 AM)samhub123 Wrote: (September 20, 2022, 09:48 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 09:33 AM)samhub123 Wrote: (September 20, 2022, 09:05 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 08:54 AM)samhub123 Wrote: I cant do that coz i am on a VIP server with my own box instance.
Also tried variod methods but cannot run sharphound and import it coz of Constained language. Used the compiled binary with arguments but still cannot load it.
oh, i see. that's weird, are you running it from an exempted folder? running sharphound binary was pretty straightforward for me
yeah i tried the exe file and when i open the zip in bloodhound it says bad json. Tried multiple times. hence was trying the sharphound.ps1
i had the same issue the first time, cause i used the sharphound.exe that came with kali. then i just downloaded the latest version of sharphound.exe, then it worked. i think the version on kali may be outdated.
anyone able to confirm if the scripts under c:\script is a rabbit hole for PE?
* c:\script\copy.ps1, not readable
* c:\script\usermobile.ps1, runs as scriptrunner, useless
* c:\script\setphone.ps1, runs as sekhmet, but not exploitable
i am using both the latert sharphound.exe and bloodhound from git repos. same error. okay... that's unfortunate, FYI, my bloodhound version is: Version: 4.1.1, and sharphound version is: v1.1.0 not sure if it helps Posts: 57 Threads: 0 Joined: N/A September 20, 2022 at 10:10 AM (September 20, 2022, 10:04 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 09:53 AM)samhub123 Wrote: (September 20, 2022, 09:48 AM)meowmeowattack Wrote: (September 15, 2022, 07:33 PM)Hacker2222 Wrote: (September 15, 2022, 05:39 AM)meowmeowattack Wrote: not sure what to proceed next
after inspecting the ldb file, where you can find the domain sid, a domain user and the credential hash
var/lib/sss/db/cache_windcorp.htb.ldb
the credential hash can be john'd to reveal the password of the domain user
from there, can also do impersonation to get a Administrator.ccache
but the thing is, from the dns zone transfer and other info found, there are only two hosts found in the domain, webserver and hope. and none of them has any of the smb, ldap ports open. i start to wonder where to proceed next.
it is curious though, which host is serving the ssh port, it's nowhere to be found yet.
Edit: found new hosts by cracking the known_hosts file.
i think u can use password of ray.duncan to lgoin with ssh ? container has kinit &u can login using kinit ray.duncan then ssh -k to login ? ssh login as ray.duncan does not work tho ....... (September 20, 2022, 09:33 AM)samhub123 Wrote: (September 20, 2022, 09:05 AM)meowmeowattack Wrote: oh, i see. that's weird, are you running it from an exempted folder? running sharphound binary was pretty straightforward for me
yeah i tried the exe file and when i open the zip in bloodhound it says bad json. Tried multiple times. hence was trying the sharphound.ps1
i had the same issue the first time, cause i used the sharphound.exe that came with kali. then i just downloaded the latest version of sharphound.exe, then it worked. i think the version on kali may be outdated.
anyone able to confirm if the scripts under c:\script is a rabbit hole for PE?
* c:\script\copy.ps1, not readable
* c:\script\usermobile.ps1, runs as scriptrunner, useless
* c:\script\setphone.ps1, runs as sekhmet, but not exploitable
i am using both the latert sharphound.exe and bloodhound from git repos. same error.
okay... that's unfortunate, FYI, my bloodhound version is: Version: 4.1.1, and sharphound version is: v1.1.0
not sure if it helps importing via button fails but dragging and dropping works which is super weird. I could not find ant PE vectors from bloodhound though. |
