#ad-basic-enumeration

🥳

2 rooms in 1 day! Is this heaven? or is it PT1 time? 👀

Fun.

Mine started right away.

Try Ctrl and F5.

It started right away too, I think 2 people resetted it after some time lol.

Ah dang it. The bug again.

All ports are filtered.

Not sure if I should ping staff or not, guess I'll wait.

Same! I guees I will try after work

they reset room for the 3rd time already in 5 mins

2 votes for reset is way too low.

true

Should be 5 like other AD rooms.

I don't want to be annoying and ping staff, we just have to wait.

But the room is undoable right now.

Which subnet are you in?

All mine are open.

not for long i guess

There is only 2 people in your subnet.

You can have a maximum of 5.

Can't people join and leave somehow?

They can, but it would be too soon.

I voted once for it to be reset, but my network has been reset twice. (Not sure how?)

Ports are still filtered anyways. Same problem that has happened with other machines.

lol I guessed the answer.

Not really hard but hey it's still something.

Also guessed this.

Looks like I'm gonna do the room without the machine.

Let me check the network settings.

Sure, thanks!

There is an issue with network instances. We're investigating. 🙏

https://tenor.com/view/good-luck-captain-america-salute-gif-12849404

Keep us posted!

Are you using the AttackBox or local attacking machine?

Attackbox.

Make sure to deploy the AttackBox after initially joining a network.

Yeah, that's what I did. I'll restart my AB.

The launch attackbox was greyed out before I joined anyways.

@sage jetty Works! Thank you!

Gave +1 Rep to @sage jetty (current: #17 - 545)

Time to enjoy the new releases.

Well, it worked... for a second.

Someone reset the lab... again.

Not sure if people are resetting it or if it's resetting on its own.

We have removed the first instance of the Network now, it was the one with issues.

Important: If you were in this network instance, please rejoin the room and rejoin a new instance of the network. 🙏

User resets. But a new update is being pushed to increase the number of resets required. I promise the networks are working and we don't need another reset-mageddon 😅 Should have the patch deployed in the next few minutes which will resolve this.

Thank you very much. A reset spam is indeed happening lol. I'm a victim of it.

Back to ports being filtered for me. I guess I'll just turn off my AB and leave the room. Will come back in 30 minutes.

What does your network diagram show?

Uh I left the room, but it did show the AB -> The second machine -> The DC with their respective IPs.

After joining again, that's what I see.

No diagram shows until I click start.

and when I do I see this:

Can you go to your access page, choose the network VPN, hit regen, and just start the AB one more time?

Ok! One sec.

I think we locked resets for tonight. So no reset-mageddon

Do I leave the room before regen?

This one

Nope, don't leave the room

Done, I'll launch the AB.

I want you to get the specific VPN profile for this new network instance you are in. For V2 networks, if you leave and rejoin, you have to regen your VPN profile else it won't connect you. At some point we will make that an automatic regen that will happen

Let's see! I am hopeful, my instance in AB has been stable for the last 17 minutes with zero resets

:/

Can you run:

• ip a
• route -n
• nmap -p 22,3389 10.211.11.20 -Pn

Do you want me to send a SS of all interfaces for ip a?

Doesn't hurt? Might help me understand the issue here

route -n

ip a

nmap

Why do you have a tun0 and tun1? 🤔

Just spawned the box. ¯_(ツ)_/¯

And if the ports are open then this is something else here? Cause means the workstation is active and responding to you? Not a routing issue?

Which task are you currently on? Cause I'm following from task 2 and seems to work for me?

Task 3.

I ran this command again... and it's working now?

Why would it change over the course of 2 minutes.

🤷‍♂️

We're also adjusting the reset-vote requirement upwards. 😄

That is very odd. Same machine, same CMD same everything. 2 minutes apart.

Now it works.

I'll try SMB again.

That's also weird.

Mmm, I wonder if this has to do with UDP vs TCP VPNs. I had this issue in other networks in the past. But yeah, I think try and see how far you get? I think we eliminated a couple of things:

• It isn't a host issue
• It isn't a network instance issue
• It isn't a VPN route or adapter issue

So that then leaves either VPN type, UPD vs TCP, or a host stability issue, which I highly doubt since we would have seen that in QA.

Just something else to confirm, you are not running the AttackBox and your VPN profile (on a different device) at the same time right? cause that will cause them to disconnect each other and cause stability issues?

Maybe your VPN regeneration tip worked. Probably just some time for it to take over? IDK how it works in the backend of the website.

Not at all. I'm only connected to THM on 1 device via the browser, my VPN is off and not open on any VM. Solely using the AttackBox.

Maybe the host was still just booting. But at least it works and you can continue. I'll be offline, but do report any new connection issues so we can get more details and debug if it happens again

Happy, just making sure, another common issue we see sometimes

Thank you again! Will make sure to report anything weird I come to find.

Gave +1 Rep to @soft zephyr (current: #32 - 309)

😮

AH, yes, finally. I always thought this method was lacking in the current AD course even though it's a very important method. I wish it was explained that it could have been done using nxc/crackmapexec which is way easier than scripting it like in the course. But overall this was a very nice (and long awaited) room!

@shut compass @inland orbit Good job guys! Thanks for the room.

BTW what was the intended way for Which username is associated with RID 1634??
I found it using:

You can use rpcclient and/enum4linux and change the hex value to decimal to compare

Gotcha. Had a look at the hint, but did not get what tool was hinted to.

Wht is ad- basic-enme...

https://tryhackme.com/room/winadbasics

Thx

hey, my attackbox doesn't have route to 10.211.11.0

same

i went to profile->access and generate vpn file for this room and after that the routing showed in the attackbox after restart of the vm

ok only after downloading the configuration file to the attackbox and starting the vpn connection there, i got access to the network...

i did it without vpn from the attackbox

tried that too but wasn't successfull. Needed to vpn out of it... but thanks for the idea

my nmap scans arent scanning at all

You can try other user advice, shut down first attackbox, regenerate your vpn from your profile (select correct profile), start the room (network) wait for it to start, then start the Attackbox (or connect using vpn from your own computer)

Same issue on attackbox, tried rebooting everything.

Hi, for password spraying, I tried the crackmapexec command for the last question, but I got this instead

Maybe you have some connection problem, check ip route cmd again

same here, even though ip route lists a route to 10.211.11.0/24

just did all the previous ad enumeration tasks and everything appeared to be fine

I was able to do this room without issue having fun in setting up a wordlist and not checking to see if it had uppercase and lowercase passwords set and wondering why it was not working and finding out I had only set lowercase characters. Rookie mistake, but did finally pick up on it.

Hello, are there any good alternatives to BloodHound? I have issues with uploading data to it; it is just stuck at 0%.

Bloodhound community edition

What is the difference between the one I'm using ?

That one is legacy edition

As far as I know, if you are using a data ingestor that only works on bhound community then it won’t work on legacy edition

I don’t know of any better alternatives than bloodhound

Dose anyone know how to hack email

Hi guys

yes

Hello hackers, i need a lil help with setting up DNS for Breaching Active Directory... Can anyone help?

no one?

You can edit /etc/resolv.conf to make the Domain Controller IP in the first entry, for example:

nameserver dc_ip
nameserver 1.1.1.1

if that didn't work, you can ask in #breaching-ad

I second this. The directions to add THMDC's IP to the resolv-dnsmasq file did not for me as well. Editing resolv.conf did.

Hey, I am trying to connect to the network for the AD: Basic Enumertion room. I have regenerated the network and ran the tryconnectme command on the attack box and I still cannot connect to the network. Help please.

can someone help me with this 8.8.8.8 and 10.10.10.10? im a new user

Has anyone here done MOC 20740, 20741, 20472?

Hey all guys

hello

why can't I select the network vpn? is this a thm issue or do i need to have premium to download the vpn file? I thought this was a free room...

have you joined the network room and refershed the page after???

yea

anyone having this problem?

just keeps looping ?

Before if i refreshed the page it worked and i could atleased use it. Rn it just closes out of nowhere

yea when i first done it it kept looping then freezing did seem to fix after a while lmao

It freezes and if you refresh the page it just jumps into the machine no problem but right now it is active for about 3 min amd it just suddenly shuts the window amd says your machine is terminated.@amber nebula

yea i did not experience that, for me it just looped configuration then froze and then randomly decided to load fully.

Even machines hate windows

ahaha

i cannot start the network its like this for 10 minutes 😅

I am facing the same problem as @clear flare
It stays like that for a long time and once I saw a message which went something like "an error occurred while trying to start the network". I had tried starting it multiple times yesterday but to no success. Can someone please help if possible. Thanks in advance.

Gave +1 Rep to @clear flare (current: #1231 - 5)

Restart your PC
Check virtualization is enabled
Disable Hyper-V
Make sure you have enough RAM
Try different browser
Clear browser cache
Try from another network

Check if TAP adapter is enabled ncpa.cpl

@clear flare

Ok I will try these and see.

hello 😄

thanks for the answer
but i sitll can not start the network 🙃
i think from my VM site everything should be allright i did other AD Networks also that worked perfectly fine 🙂 but here i looks like i it wont start

Gave +1 Rep to @dusty mulch (current: #873 - 8)

and since the network don't starts for me i can't donwload the VPN file

if the network would boot up normal i would be able do Download the vpn file

or am i wrong here? 😄

If the VPN server shows Online then the network is actually running you dont need the lab machine to fully boot in order to download the VPN file You should be able to download the configuration file directly from the Networks tab as long as the server status says Online
If the download isnt working try clicking Regenerate wait a few seconds then refresh the page and try again. You could also test it in another browser just in case its a cache or extension issue

Click Regenerate
Wait 10 seconds
Refresh page
Try download again
If still broken then
Log out
Clear browser cache
Log back in
Change VM region in Manage Account then VM Region

i cannot even download it
i cleared everything in the browser

i really dont know what i am doing wrong

and that thing keeps loading all the time so i have no idea what i am missing here 😅

i am really looking forward to a solution i already made some AD Networks they are great to learn so i really want to finish this one also

If you're still having problems, you need to contact suppor@tryhackme.com

alr mate thanks for trying 🙂

i did almost all AD Networks first time that this weard thing going on 😅

Gave +1 Rep to @dusty mulch (current: #417 - 20)

No worries