Okay, got a bit of a problem. In part 3, there is a bit of work to do with the results of the previous two parts you have gathered. I have completed the first task of part 3, which is rather simple and just one easy command. Afterward, it says to connect to the active directory and get the password policies. I am stuck on this part. Spoiler I have used the active directory to get the users of the four departments, but each one I try in password attack comes up as a host or user error. Under policies and resources part, it is completely blank. I have tried WMI and even hydra. WMI gives one result of the dig with active and up to date security and Hydra doesn't do anything. I am a bit stuck here based on the stuff I tried in the spoiler. I imagine you use the file browser in some way, but with knowing the password to an account, it can't be used. Help?
Yeah, same problem here. I skipped that step, and have succeeded in all but that step and the very last step, but am hung up on completing the whole thing for the exact same reason (which I suspect is an error-- I don't think it's meant to be empty). I mean, seriously-- even if they are a rather incompetent intelligence organization-turned-drug cartel-turned-strange alternate timeline pulp tropic pilots-or-something, they should at least have some policies in place.
I dont think its supposed to be empty. ---- The LLMNR attack was really interesting and I 'd love to implement it into my hive.
Sorry, I'm trying to squash that bug. It seem after a while the AD reset and the policies are missing. It's fixed for now.
So where is the hash location for the password for this certification? I didn't come across one to get here, so...
You should have used the man in the middle to listen in with a llmnr poisoning between 2 IP addresses. During that, someone tries to log in to their account. That is the hash of the password.
