(September 25, 2022, 04:32 PM)technic Wrote: the ldap entry of winrm_user contains msDS-KeyCredentialLink & userCertificate, not sure if it is useful.

X509v3 Extended Key Usage:
    TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Key Usage: critical
    Digital Signature, Key Encipherment

How did you enumerate this exactly? I tried enumerating ldap with ldapsearch and I keep getting error "Matching credential not found"

(September 25, 2022, 06:24 PM)delmerherberth Wrote:

(September 25, 2022, 04:32 PM)technic Wrote: the ldap entry of winrm_user contains msDS-KeyCredentialLink & userCertificate, not sure if it is useful.

X509v3 Extended Key Usage:
    TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Key Usage: critical
    Digital Signature, Key Encipherment

How did you enumerate this exactly? I tried enumerating ldap with ldapsearch and I keep getting error "Matching credential not found"

Maybe not the simplest solution..

- You can convert your ccache file to a kirbi file with ticketConverter.py,
- then import the ticket to a windows box with Rubeus,
- Finally, "SharpHound.exe --domain absolute.htb -c all"

(September 25, 2022, 06:35 PM)Hacker2222 Wrote:

(September 25, 2022, 06:21 PM)user_htb22 Wrote:

(September 25, 2022, 04:35 PM)bodiesplus Wrote:

(September 25, 2022, 03:52 PM)Hacker2222 Wrote:

(September 25, 2022, 03:43 PM)Photographer Wrote: which tool did you use? every tool i try just gives me errors with -k and with password

use crackmapexec without pass ........ or impacket-smbcleint with -no-pass

It does not work for me either.

I keep getting absolute.htb\svc_smb:xxxxxxxxxxx STATUS_ACCOUNT_RESTRICTION

same error

$ impacket-smbclient [email protected] -k -no-pass
Impacket v0.9.24 - Copyright 2021 SecureAuth Corporation

[-] Kerberos SessionError: KDC_ERR_S_PRINCIPAL_UNKNOWN(Server not found in Kerberos database)

kerberos needs host names, not ips ..............

Did you got user already ?

do you need to be in sync? If so, I need help with the synchronization of the clock with the machine.

(September 25, 2022, 07:32 PM)fl0mms Wrote: do you need to be in sync? If so, I need help with the synchronization of the clock with the machine.

install ntpdate

sudo ntpdate absolute.htb

---

(September 25, 2022, 07:32 PM)Hacker2222 Wrote:

(September 25, 2022, 07:25 PM)user_htb22 Wrote:

(September 25, 2022, 06:35 PM)Hacker2222 Wrote:

(September 25, 2022, 06:21 PM)user_htb22 Wrote:

(September 25, 2022, 04:35 PM)bodiesplus Wrote: It does not work for me either.

I keep getting absolute.htb\svc_smb:xxxxxxxxxxx STATUS_ACCOUNT_RESTRICTION

same error

$ impacket-smbclient [email protected] -k -no-pass
Impacket v0.9.24 - Copyright 2021 SecureAuth Corporation

[-] Kerberos SessionError: KDC_ERR_S_PRINCIPAL_UNKNOWN(Server not found in Kerberos database)

kerberos needs host names, not ips ..............

$ export KRB5CCNAME=svc_smb.ccache
$ impacket-smbclient [email protected] -k -no-pass
Impacket v0.9.24 - Copyright 2021 SecureAuth Corporation

[-] SMB SessionError: STATUS_MORE_PROCESSING_REQUIRED({Still Busy} The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.)

maybe set KRB5CCNAME to absolute path of file ..... hehe

my KRB5CCNAME is on the absolute path  but i get the same error.

(September 25, 2022, 07:37 PM)Photographer Wrote:

(September 25, 2022, 07:32 PM)fl0mms Wrote: do you need to be in sync? If so, I need help with the synchronization of the clock with the machine.

install ntpdate

sudo ntpdate absolute.htb

---

I did it but it doesn't change anything.

then you have auto time activated check on your time settings. you have to disable that.

(September 25, 2022, 07:48 PM)fl0mms Wrote:

(September 25, 2022, 07:37 PM)Photographer Wrote:

(September 25, 2022, 07:32 PM)fl0mms Wrote: do you need to be in sync? If so, I need help with the synchronization of the clock with the machine.

install ntpdate

sudo ntpdate absolute.htb

---

I did it but it doesn't change anything.

sudo timedatectl set-ntp false
sudo ntpdate -s absolute.htb

watch the time change

(September 25, 2022, 07:25 PM)user_htb22 Wrote:

(September 25, 2022, 06:35 PM)Hacker2222 Wrote:

(September 25, 2022, 06:21 PM)user_htb22 Wrote:

(September 25, 2022, 04:35 PM)bodiesplus Wrote:

(September 25, 2022, 03:52 PM)Hacker2222 Wrote: use crackmapexec without pass ........ or impacket-smbcleint with -no-pass

It does not work for me either.

I keep getting absolute.htb\svc_smb:xxxxxxxxxxx STATUS_ACCOUNT_RESTRICTION

same error

$ impacket-smbclient [email protected] -k -no-pass
Impacket v0.9.24 - Copyright 2021 SecureAuth Corporation

[-] Kerberos SessionError: KDC_ERR_S_PRINCIPAL_UNKNOWN(Server not found in Kerberos database)

kerberos needs host names, not ips ..............

$ export KRB5CCNAME=svc_smb.ccache
$ impacket-smbclient [email protected] -k -no-pass
Impacket v0.9.24 - Copyright 2021 SecureAuth Corporation

[-] SMB SessionError: STATUS_MORE_PROCESSING_REQUIRED({Still Busy} The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.)

as far as i have found informations about it , there is a problem with time desync but i have the error even after i used ntpdate and checked it with nmap. so i don'tknow how to go on with that

(September 25, 2022, 07:49 PM)user_htb22 Wrote:

(September 25, 2022, 07:48 PM)fl0mms Wrote:

(September 25, 2022, 07:37 PM)Photographer Wrote:

(September 25, 2022, 07:32 PM)fl0mms Wrote: do you need to be in sync? If so, I need help with the synchronization of the clock with the machine.

install ntpdate

sudo ntpdate absolute.htb

---

I did it but it doesn't change anything.

sudo timedatectl set-ntp false
sudo ntpdate -s absolute.htb

watch the time change

thx bro :heart: