#ad-authenticated-enumeration
No.
Aww, alright!
will this make a new module???
PT1 has AD, so probably.
When we have enough rooms to create a new module, sure.
well think these would eventually branch out to cover enough of AD to actually make a module but that is just shadows prediction
Good job on both rooms, loved it!!

connection keeps dropping in these AD rooms
Is it that you can access the machines then you get disconnected? Or is it something else?
it hung for a minute or two then came back, I finished the room switching between attackbox and vpn
I started the attack box after the network was started, still I don't see the route mentioned in introduction. I also don't see the interface or the network config for openvpn in the attackbox, what can I do?
openvpn config files you download them from your tryhackme profile access
But it should be already present in the NetworkConfigs in Desktop
I do not think so, if you use Attackbox you do not need to use openvpn
that is true. But I don't see the vpn connected or the route present in output of ip route
in my case I click reset room, waited until 5 people click reset, then the route appeared on Attackbox
I think I know the issue. The NetworkConfigs has the config files but those are empty so vpn is not coming up. How can I check this with support?
when you download vpn file for this room it will be in this format username-Jr-Pentester-AD-v01-BH.ovpn, is this what you refer to empty?
Yes, that is empty on the Attackbox
What is this?
The new AD: Authenticated Enumeration room is driving me nuts. I just can't seem to connect to the room-specific network using the Attack Box. Either it doesn't have a TUN-connection with associated routes at all, or it has one to 10.211.11.0, whereas the network is in 10.211.12.0 . What to do ?
Same here
I found a solution. Go to access page, regenerate the vpn config and start the attack box and it works
Finally success. I regenerated and downloaded the Jr-Pentester-AD-v01-BH config file from the Access page, transferred it to the Attack Box, and fired it up with sudo openvpn.
Are you running the Attackbox and another VPN connection on your own machine? If so, this is most likely why the connection keeps dropping as you are de-authing yourself from the VPN. You can only have one VPN active at a time, the Attackbox counts as one
How is your setup in this room? is not Attackbox in same network or is using VPN (as you state it count as one), I started using my own machine, it hung, drop, then switch to attackbox, definitely network issue in these 2 rooms. like now you get Attackbox Failed to connect to server
This is running a network room. Networks have their own VPN profile. So not your normal THM VPN profile. This profile drops you directly into the specific network you are in.
When you boot the Attackbox, it makes an API request to see if you are currently in any network rooms, then downloads that VPN profile and runs it in the background automatically for you.
But that means it is the exact same VPN profile you would have if you were running it locally.
And if you run two at the same time they deauthenticate each other, since the VPN profile is pinned by a cert, only allowing a single connection at any given moment.
Steps you can do to check your network connections:
- go to the access page and regen your VPN profile for the specific network.
- make sure you only start the Attackbox after the network is actually active
- ping the associated VPN server's internal IP: 10.200.X.250. You can get X from the network diagram. If this works, you are connected to the VPN
- check ip route and ip info to see if you have the adapter.
I can honestly promise you it isn't a network issue. We have upgraded to a new network model that has been incredibly stable. If the correct VPN profile is running, the issue sits somewhere else. If the profile isn't running, then follow the initial steps for sorting the Attackbox. But make sure you are not running two at the same time
attackbox network
No active VPN profile there. So your profile isn't pulling to the AB. Just confirm for me, are you premium or free?
premium. first time attackbox show message Failed to connect to server, then I restarted it. the point is it work sometimes and sometimes not, that is the issue
Okay, so then it isn't an issue in the internet connection. Confirm:
- Are you in the actual network room when you start the AB?
- What is the network status showing?
- When you go under Profile -> Access -> Networks which VPN providers does it show?
I am not using my own machine, I disconnected my vpn, I am using Attackbox which assume you said it will work, or you saying now it need first to select the vpn profile on tryhackme page before even starting the Attackbox.
Do you want me to help you debug the issue or not? If you want my help, please provide me with the answers I need as sent above. Otherwise I can't assist you here
Ok I see you do not like any feedback, so do not help, thank you , have a good day
First time I get this type of reply from TryHackMe stuff when I am here for 4 years
I am more than happy to take feedback. And I do want it. But I am trying to understand the root cause of your issue. Without understanding this, I cannot help you or other users in the future. And the only way I can understand this root cause and fix it, is by you giving me more information. That's the difference between giving feedback and just complaining
all messages I gave you with screenshot and you tell me now I am complaining, thank you very much
I figure it myself, thanks
I need this. Without this this conversation isn't going anywhere and I am fully blind. I don't have access to your profile or your computer and can only work with the information given to me
You don't need to transfer as well. Just regenerate the config and restart the AttackBox if it is already running or start it and you can see the vpn is up in attack box.
@acoustic frost - I have filed a bug report for this with as much information as I could find. Not sure if that is sufficient but now I have regenerated the config so not seeing the issue anymore.
Appreciated thanks! Can you DM me that info as well? Want to do some investigations and see what I can find.
Just for my own understanding, you:
- Had the issue on the AB
- Stopped your AB instance
- Regen-ed your VPN profile
- Restarted AB
And the problem was resolved?
On that, can you also just give me more info on:
- Is this your first time joining this network room or did you forcibly leave it and rejoin?
- What was the network status when you joined the room? Was the network active already or did you have to press the start button?
I have DM'ed you
Just regenerating either VPN standard or room config file didn't work for me. I had to copy the room VPN config over and start it with sudo openvpn. At which time everything was fine.
Djalil, you're not the only one having these issues. The trick that did it for me was regenerating the room-specific VPN config file, copying it over to the Attack Box, then firing it up with a sudo openvpn config file. At which point you get the necessary routes to the room network and have a stable connection.
Not sure if this helps to contribute to your investigation, but the 4 steps you mentioned are exactly what worked for me in the #ad-basic-enumeration room. I haven't tried the #ad-authenticated-enumeration room yet, but I'll do that soon and I'll let you know if I come across the same problem and if the same steps resolved it too.
Seems like the trick is also working in other rooms. cc @acoustic frost
I do not think you need to copy vpn file to attackbox. you can generate it from your profile, start network first, then start the attackbox
Thanks for the info, appreciate it. I think we are narrowing in on the issue.
As a short explanation, when you join a Network room, the frontend should be making a call to the backend to generate your VPN profile. This call to generate it then also pushes the generated VPN profile to an S3 bucket. It is this S3 bucket that the AB pulls your VPN profile from, not directly from THM. Given the information we have thus far, it seems like that initial request may be the culprit. It is either firing too early, meaning it never hits the VPN server, or it isn't firing reliably as it should. So this is where we can now place our focus.
Just to reiterate again, this isn't a network issue. The network itself is stable and working, but rather an issue with the Frontend not accurately pushing and pulling your VPN profile. So a network reset isn't going to help at all, but rather, more likely make the problem worse
Given the issues, I am raising with the internal team two different fixes that we will be applying:
- Frontend team needs to do an investigation to see why the API to generate the initial VPN profile is not firing like it should or as reliably as it should.
- We will introduce a debugger script on the AB that users can run if they have an issue, which would identify the issue and provide the user with feedback on the steps that need to be taken to resolve it. By adding this to task 1, all users will have the ability to do step by step debugging and receive help to resolve the issue without requiring support or discord.
Will take a bit of time to implement, but hoping we can have something ready either end of this week or early next week.
Those with a keen eye would have seen that networks got an entire revamp. The easiest way to spot it is noticing now that your subnet is effectively static, regardless of which network instance you are dropped into. This overhaul has drastically increased the stability of our networks, which is what we leverage in PT1 as well. Even more awesome, is the fact that we can now create single-user networks (like we do in PT1), which means that for specific cases where one user "exploiting" something would ruin the experience for others, we can now simply configure that network as a single-user network. Of course cost here is high, so would only be used in cases where absolutely needed, like the PT1.
hey, I couldn't ingest the zip generated from attackbox to the docker
i solved it by using the preinstalled bloodhound on attackbox
Interesting this morning going through this room and get to starting the instance of bloodhound and it is saying unable to connect. I can ping the machine, so I know I am on the right vpn config file. It worked first thing this morning, but could not see anything from the ingested zip file when following the directions.
this is what I see when trying to go to the instance of bloodhound.
Going to see if I can connect via the attack box and get this completed.
Now I can't even connect to the network via the attack box. Does not even see the network connecting via the room for the network to the attack box instance. SIGH. This is just getting to the point of throwing my hands up to get it working.
What IP range should I get on the attack box if connected via this room, as I don't think it is connecting right.
Now at the point on my own VM and trying again to connect the bloodhound instance and it is just dying and becoming unresponsive. It just goes on.
Now it is at the point seeing nothing after the zip file is ingested by bloodhound. This room is nothing but a living nightmare.
Hey, thank you for reporting this! We're looking into the issues you reported and will issue a fix as soon as we can!
Anybody facing the problem of ingesting data into Bloodhound using zip file output from bloodhound-python? I get an Invalid File Type error.
When I was doing that part I was seeing nothing on clicking on exploring the data
Workaround using someone's solution above. Launch Bloodhound's web interface on ur own attackbox instead.
That is what I was doing, as I could not get the attack box to even see the network in order to connect.
very glitchy network loll
You are telling me. Just tried it again and it did take awhile to enable me to upload the zip file and then said that it was an invalid file format and then let me upload the zip and ingested it. Went to explore and same thing "Nothing".
Was able to get android-analysis done in the mean time.
@acoustic frost - I am having the same issue again, is there something you would like me to collect for you before I try to regenerate the config and see if it works
Just trying this room again to finish off the blood hound task and still unable to complete this. Today it was showing that the zip file was not the right format and upon closing the site it will now not let me log back on the blood hound instance.
hey i need some help guys , im doing the authenticated room enum AD and i cant find the number of question 4 task 3
can someone help me ?
This is what i find when doing my query
PS C:\Users\asrepuser1> (Get-ADGroup -Filter *).Count
54
Hey Marta! Sorry for the ping but any update on this? This section is still unreachable.
Was a great room overall, thanks! Managed to run bloodhound-python from the attackbox to get the different .zip files and opened bloodhound on my attackbox for the task that's bugged.
I wish I could say the same. Been trying to complete this for days now on my own machine and the attack box. For the first time I was able to see the network properly on the attack box, but now it will not connect to the bloodhound IP.
This room seems to be a lottery if you are able to get all the ducks in a row to complete it. Never had so much trouble with one task.
Once more into the breach on my own VM to see if I can even get the bloodhound website to show up properly.
So today I have tried my own VM with the proper Openvpn config for the network. I can see all the network and ping. I can then run the cmd command for to make the bloodhound zip file. But I am unable to connect to the bloodhound website. The same happens if I connect via the attack box in being unable to connect to the bloodhound site ip and again on my own VM unable to connect to the site.
So is this just my bad luck or is something amiss on the back end for this instance for the network?
@clear wind Not sure why you are so reliant on the bloodhound instance they gave you. Just collect your own data using the bloodhound-python tool on your AttackBox and use the credentials from the asrepuser1 you got earlier. Run it on the DC. Once done, open bloodhound also present on your attackbox and import the .JSON files. Done.
If you can't reach the different boxes present on the network using ping, just turn off your attackbox and go to your access page and regen the VPN file that's made for this room. Once regenerated, re-launch your attackbox and everything should be fine.
That is the thing I can access everything via ping. I have been able to get on to bloodhound via the IP given. But I either get it hanging on the administration page or once ingested nothing when I go to explore. Today is the first time I have been able to see the network on the instance attack box. I have tried the same and it just hangs trying to connect to the bloodhound instance via the IP in my browser as shown on the task. Seeing as I am not the only one with issues with this task I can only hope that it is fixed at some point in the future.
Just tested the room now, I was able to connect to Bloodhound, if you have issue you can use the installed Bloodhound on the Attackbox (it work too fine)
I will give it a try in a bit. I was just putting the ip and port into the browser and it was just hanging.
Here goes nothing, started the network and now starting the attack box to see if this will finally work.
Worked for all of us (Excluding bloodhound), don't think it won't work for you unless there's something you're doing wrong or the subnet you're in is really bad.
The only thing that did not work for me was the hosted bloodhound, which can be fixed in less than 10 seconds by using your own on the attackbox.
I was finally able to access it on the attack box and get the only questions I had to answer. Thanks for checking that the instance worked.
As you can see I did finally get it to work and get the final questions answered. The zip file was ingested right and found the information to answer the remaining questions. Thank you for the great input.
You're welcome!
@strong cloud I see in your video for this you liked my pain of trying to complete this.
Sorry been away for a while. I think we have what we need. Team is working on a fix and waiting for them to deploy to the Attackbox
I was finally able to get over the hurdle of not being able to view the web interface for bloodhound properly. It was finally able to do this via the attack box instance.
Ok, great
What was the issue with the web interface? And when you say using the Attackbox instance, do you mean bloodhound running on the AttackBox or using the docker bloodhound instance from the Attackbox?
It was a mixture of both. I was unable to see the network after starting it and then starting an attack box instance. When I was finally able to see the network and complete the tasks I had left, going to the IP for the bloodhound instance via the web interface would just hang and not show at all.
On my own machine I was able to only get on to the web interface for bloodhound once per session otherwise it would just hang and not load the page to enable me to login again . The ingested material would not show up as it should and had to try again.
That hanging, was this from the Attackbox or from your own machine?
Also just a headsup, the update is live. Just still changes needed in task one. But now if you run the command tryconnectme from a terminal on the AttackBox it helps you Debug VPN issues and resolve them. Not perfect but I think it will help.
But I was finally able to complete all of the tasks via the attack box and watching later @strong cloud reaction to my pain. Which I did find really funny.
Both the hanging was going on in both.
Is this the script you guys were talking about a few days ago?
And this is you connecting to the same docker bloodhound instance just from your own machine right?
Yep, was just taking time to push to the AB. And this is a good option while we wait for the DEV team to see why the VPN sometimes doesn't pull through to the AB.
I would have closed out of the attack box and booted up my own VM. I never run both.
Cool. Thanks for the info. I'll go play around and see what I can replicate. Thinking it may be something to do with the amount of users we have per network instance. Will run some tests on it and see what I can find
I don't know how many times I deleted my openvpn config just in case it was that.
Did you have any issues connecting to other hosts or having your bloodhound enumerator running when you have these drops? If so, maybe it was the VPN but I don't believe so.
If you ever wonder, just run a ping to X.X.X.250 with the X being the IP in the network diagram. This is the VPN server. If you get replies here your VPN is connected
I was able to ping all of the hosts on the network once I confirmed that I could see everything via using the route and ip route commands. I even used it to ping the bloodhound host to make sure it was up before trying to get to the web interface.
See then it has to be something with the actual webapp and not the VPN. I'll try some stuff and see if I can recreate the failing conditions
I would go back into it, but I know it works first time when logging in, it is after this and even when I was getting in sometimes when trying to upload the data it was coming back saying the zip file was an invalid file format.
Personally the only problem I had was that when I tried accessing bloodhound on the IP:PORT combination I was given, it did not work. (#ad-authenticated-enumeration message) I was left with a blank white page.
Is there anyone else facing some glitch on the box?
No
Is there anyone who has done the medium challenge of ad enumeration?
I have managed to sort all the flags but am left with one
I have finished this room, yes.
Am looking for the relationship of drgonzo and the Admin groups?
I'm not sure I understand your question.
I mean the answer on the task that is asking for relationship between drgonzo and the admin group
It's the AD enumeration: the medium challenge
The answer to that question is right in front of you if you look at how many letters it needs in the answer. Look at the graphics that are given in the task you will see it.
I'm trying to login in bloodhound, but it sends me to password expired and asks me for a new password every time and crashes, can someone please help?
yes same issue I am unable to login to BloodHound-CE
Also Bloodhound-python is giving an error from the attack box saying it cannot find resolv.conf file
we can also use the BloodHound already installed in Attack box
Hey I fixed that
You should use: rm /etc/resolv.conf
Then use nano to create the file again: nano /etc/resolv.conf
Inside that type: nameserver 10.211.12.10
After that assign permissions
And it worked for me
Hello everyone. I can't figure out why I have a VPN file that is responsible for connecting to the network - Jr-Pentester-AD-v01-BH, downloading as a regular vpn premium. I did everything I could and rebooted and tried on virtual machines, with the VPN turned on and off. Do you have the same problem, please take a look? Or tell me where to write to help me figure it out.
The file was downloaded correctly from the previous room (AD_ Basic Enumeration) - Giperium-Jr-Pentester-AD-v01.ovpn, but it doesn't work with this room.(((((
hey that file name looks different from what normal vpn apps give you sometimes this happens when the download link is mixed up or it comes from some training or lab setup just try downloading again from the official site or a different browser and if it still shows the same name just reach out to the vpn support team and send them the file name they will confirm if its normal or a mistake no need to stress
did anything work for you?
Same issue for me as well, but now not able to access blood hound on the server where its deployed either from the attackbox or from my local after vpn connection
Update: able to connect to bloodhound but now its showing password has expired
Hey there, Network is not starting. Second day in a row. Anybody who can help me here?
Same for me on both this room and the AD basic enumeration room. The "trying to start network" screen has been going for days now. I've submitted a query via the THM contact form but haven't heard anything yet.
i'm also having the same problem. Insane that there are so many people encountering this and tryhackme has done fuck all to sort it out
Hi.. AD authenticated enumeration room, the bloodhound login is giving expiry page after first login. I change it but then the bloodhound stops working..
Kindly help
link to the room, plz.
Bloodhound login is usually local on your machine, not on the [room's] box, no?