└─$ nslookup za.tryhackme.com
;; communications error to 10.200.92.101#53: timed out
;; communications error to 10.200.92.101#53: timed out
;; communications error to 10.200.92.101#53: timed out
Server: 127.0.0.53
Address: 127.0.0.53#53

Name: za.tryhackme.com
Address: 10.200.89.101
;; communications error to 10.200.92.101#53: timed out
;; communications error to 10.200.92.101#53: timed out
;; communications error to 10.200.92.101#53: timed out

plz guide me

Are you connected to the breaching VPN?

not breachingAD VPN, connected to Machine VPN

You're in the attackbox?

iam trying from my own kali machine

Ok, you need to be connected to the BreachingAD VPN

Click Networks

breachingAD VPN is not connecting due to cipher issue. So i tried thm-troubleshoot. It automatically connected to Machine VPN

It's not the cipher.

Open your Breachad VPN file and change line 2

from dev breachad
to dev tun

failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'BF-CBC') if you want to connect to this server.
2023-04-06 12:55:16 ERROR: Failed to apply push options
2023-04-06 12:55:16 Failed to open tun/tap interface

2023-04-06 13:01:32 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
2023-04-06 13:01:32 ERROR: Failed to apply push options
2023-04-06 13:01:32 Failed to open tun/tap interface
2023-04-06 13:01:32 SIGUSR1[soft,process-push-msg-failed] received, process restarting
2023-04-06 13:01:32 Restart pause, 16 second(s)

client
dev tun
proto udp
sndbuf 0
rcvbuf 0

even after changing dev to tun, error is same

in hackthebox, i didnt face this type of problem

Did you try this?

#breaching-ad message

after 4 hours of troubleshooting, i have successfully connected to vpn

└─# nslookup za.tryhackme.com
Server: 10.200.92.101
Address: 10.200.92.101#53

Name: za.tryhackme.com
Address: 10.200.92.101

┌──(root㉿kali)-[~]
└─# sudo systemctl restart NetworkManager

┌──(root㉿kali)-[~]
└─# nslookup za.tryhackme.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Name: za.tryhackme.com
Address: 10.200.89.101

┌──(root㉿kali)-[~]
└─# ssh thm@THMJMP1.za.tryhackme.com
ssh: Could not resolve hostname thmjmp1.za.tryhackme.com: Name or service not known

let it be, i am able to ssh with ip address.

i am getting this error when connecting to Network VPN Server and i cannot fix that. Can someone from help me out with this?

for me it worked after uninstalling openvpn, installed again. In 63xxxx.ovpn file, second line change to "dev tun"

in 63xxxx.ovpn, added "data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"

where should i add this line in the file, data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305?

also run thm-troubuleshoot

in 14th line of 63xxx.ovpn , plz check

it worked, thank you for the help!

WC

guys anyone faced tftp file copying problem like me ?

after connecting to network vpn server i am getting this error while doing nslookup. anyone know what i am missing here?

are you using Kali ?

yes

go to network manager, IPv4, add DNS IP

which IP i have to add there ?

Hope you have THMDC IP add as 10.200.92.101, plz add that IP

i use dnsmasq and already added that dns ip but still unable to nslookup

tried adding that to network manager

i dont know what i am missing now :/

it should work

i have added in /etc/resolv.conf also but it is deleting automatically after service restart or reboot.

https://askubuntu.com/questions/143819/how-do-i-configure-my-static-dns-in-interfaces

this method works for /etc/resolv.conf file

but its not working for me lol

it worked, i forget to restart the network service

i am stupid

thank you for the help!

👍

anyone got error opening database file "sqlitebrowser ma.db" ?

I am trying to fix this DNS thing from past 3,4 hours but couldnt fix it. Decided to use the attackbox and when running this command for dns , systemd-resolve --interface breachad --set-dns 10.200.92.101 --set-domain za.tryhackme.comit throws Unknown interface breached: No such device this error. Any help would be appreciated!

i cant figure out what i am missing

please do @ me if anyone going to reply.

your interface is not breachad

sudo mkdir -p /etc/resolvconf/resolv.conf.d
sudo nano /etc/resolvconf/resolv.conf.d/tail
nameserver 10.200.92.101
nameserver 8.8.8.8
sudo apt install resolvconf
sudo resolvconf -u

Are you on the attackbox or VM?

attachbox

did that earlier didnt work for me, i messed up my dns lol

whats my interface on my attackbox?

Can you do

ip addr show

on my attackbox?

Yes, and which interface has a 10.200 ?

Or 10.50

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 02:09:1a:72:bf:91 brd ff:ff:ff:ff:ff:ff
    inet 10.10.227.221/16 brd 10.10.255.255 scope global dynamic ens5
       valid_lft 1937sec preferred_lft 1937sec
    inet6 fe80::9:1aff:fe72:bf91/64 scope link 
       valid_lft forever preferred_lft forever
3: persistad: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.50.59.145/24 brd 10.50.59.255 scope global persistad
       valid_lft forever preferred_lft forever
    inet6 fe80::8ec0:761:9ea6:66d9/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:f8:59:7c:d3 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:f8ff:fe59:7cd3/64 scope link 
       valid_lft forever preferred_lft forever
6: veth6e80c29@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 1a:30:26:85:be:7c brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::1830:26ff:fe85:be7c/64 scope link 
       valid_lft forever preferred_lft forever
8: veth5507147@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 22:39:0f:bc:99:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::2039:fff:febc:9953/64 scope link 
       valid_lft forever preferred_lft forever
root@ip-10-10-227-221:~# 

persistad I think.

sqlitebrowser ma.db

qt.qpa.xcb: could not connect to display
qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found.
This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.

Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.

zsh: IOT instruction sqlitebrowser ma.db

any solution ? I uninstalled sqlitebrowser and install again. Updated pacakges but still same error

i tried persisted instead of persistad before asking for help here, i am clearly blind. The command works but nslookup for thmdc.za.tryhackme.com isnt working

attackbox meant to be easier

Can you cat /etc/resolv.conf

Put nameserver 10.200.92.101 above 127.0.0.53

@plucky walrus everything work for you ?

Is your network running?

ya i dont have DNS problem. It resolved, able to nslookup

I had to start mine.

for me sqlitebrowser is unable to open mcafee database.

yeap its running

i bought tryhackme to learn some ad before buying crtp labs but it looks like i should go for crtp labs directly

CRTP lab is too costly. If can complete within 1 or 2 months within time, then CRTP lab is good.

You got a vm?

nope, using kali as a primary os

Wow.

You're brave.

Why don't don't you do this on kali?

because its not working on kali either

dns is always hard t configure

You don't need to do dms.

Dms

Dns

Just put it on mameserve

its not working for some reasons which i cant figure out

i will try again after crying

nslookup is working as seen in the ss but i am unable to access the url in the web browser

@charred sandal sorry for the ping but i cant fix the issue can you help me with it?

I have the same Problem with the same network...

Hey, please ping me instead of Skidy:)
I'm your go-to man for any issues, I can then let the relevant teams know

Hi guys, need some help to fix this, error message when try to do nslookup to thmdc.za.tryhackme.com:

;; connection timed out; no server could be reached.

I have added the DC ip and I am connected to the VPN. any advice?

Are you using the correct VPN?

Yes, breachingad vpn

Can you cat /etc/resolv.conf for me.

sure thing,

#Generated by NetworkManager
search thmdc.za.tryhackme.com
nameserver 10.200.32.101
nameserver 8.8.8.8

Hm, strange.

Hey @somber ledge , I ran this command on my attackbox systemd-resolve --interface persistad --set-dns 10.200.92.101 --set-domain za.tryhackme.com and after that the nslookup showing ;; connection timed out; no server could be reached. error.

Secondly, on my local machine i added thmdc ip in my /etc/resolve.conf and after that nslookup working on my local machines but the websites are not reachable in the browser.

i couldnt figure out whats wrong so can you please help me with that.

So what room are you actually doing, the breaching AD room or the persisting AD room ?

breaching ad

Okay, because in your command you used the persistad interface instead of the breachad interface

ahh

Might have to restart the attackbox, as if you joined the room after starting the attackbox, you might not have the interface yet

let me try that

not working!

What is not working ?

its giving me same error as before for breachad interface

Then you might want to shut down the attackbox again, leave the room with the little gear icon top right, join the room again, start the attackbox back up again

it worked, thank you so much!

I had the same issue with the interface, thanks a lot as well 👍

Ok, so I have been trying this for the past 2 days. Task 5 in the room "Breaching Active Directory" has to be broken, right? I am not getting any hashes in responder in both my local vm or the attackbox even after resetting the network twice.

What was the error?

I have waited on each try for atleast 20 minutes.

There is none, I am just getting no events.

That one?

That's because slapd is running but that doesn't matter as I am waiting for a SMB event.

iI'll need to do it.

I haven't had any issues with the other rooms or it was just my dumbass who was the problem. With this one, I am pretty conviced that something is broken.

can someone reset the .32.101 subnet please.

Nevermind.

Responder worked for me.

huh

I've obfuscated the Username, and gave you part of the hash as proof.

Which Interface did you use?

How long did you wait?

About 5 min(s)

I don't have to trigger anything, right? The server will just send a request at some point.

Nope, I started it, then started watching general chat.

I am just booting up the attackbox, as I am in another room with my lab vm. I will try again right now.

I stopped it, then re run responder, and I got this message.

And that took 6 min(s) and 36 sec(s).

I am running a stopwatch aswell, will report in a few minutes.

Super weird though, as I am using the attackbox, to make sure there isn't any interference from my lab environment.

Do you think resetting my progress would change anything?

No.

Or does that only clear my answers?

Yup.

Ok

I don't know what to tell ya.

Brand new attackbox booted up, network started and issued the responder command.

Do you mind hopping in a VC? I can share my screen and show you what I am doing.

I'm just heading out.

One thing I can suggest is opening a new terminal and doing the sudo tcpdump -SC -i tun0 tcp port 139

Whilst you're waiting for the responder.

Did you do this step? It shouldn't matter, as it is for a different interface, correct?

do ip a s and what is the interface that has 10.50 ?

tun0

change breachad to tun0

actually they are both in 10.50.0.0

you can use that commandthen.

yeah, did that...

Just wanted to clarify on this

tcpdump also doesn't throw anything

You need to keep testing the printer settings for that work.

but I had it running whilst I waited for the hash.

noooooo

wait

Do I have to press test settings or something in order to get a hash?

No

In my kali machine its showing systemd-resolve command not found

and why I try to download it saying unable to locate the package can someone help me plzz

Hello all! I'm working this network on my own Kali machine, got connected and DNS is configured. I'm trying to do the password spray attack (all files downloaded to my Kali machine), but I keep getting this error message

/usr/share/offsec-awae-wheels/pyOpenSSL-19.1.0-py2.py3-none-any.whl/OpenSSL/crypto.py:12: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.

Traceback (most recent call last):
  File "ntlm_passwordspray.py", line 4, in <module>
    from requests_ntlm import HttpNtlmAuth
ImportError: No module named requests_ntlm```

Can anyone help with resolving this? I unzipped the task files to my Kali machine, like I said, so I'm not sure what else I need.

Hey there, please run it using Python3 as you can see here: Python 2 is no longer supported by the Python core team.. So run it with python3 ntlm_passwordspray.py and see if that works for you. The AttackBox has python3 as the default

I just ran it with python3 and it still giving the same error

  File "/home/kali/ntlm_passwordspray.py", line 4, in <module>
    from requests_ntlm import HttpNtlmAuth
ModuleNotFoundError: No module named 'requests_ntlm'```

pip3 install requests_ntlm

this worked! Thanks! So to understand, my kali was missing a p3 module that allows the sprayer to run?

That is correct yes. You were missing that python3 package. Most no module named X can be solved by running pip3 install X. In certain cases more steps may be required. But just a rule of thumb

Good to know, thanks for that tip!

Hello! Back again, about to finish the "Configuration Files" section. I'm trying to run the mcafee pwd decrypt.py program, but I'm getting an error message similar to the last one
No module named Crypto.Cipher
I did the 'pip3 install Crypto.Cipher, but it still doesn't work after installing the module. Any help with this?

@whole cedar I had a lot of issues at that part, this is ultimately what I did

Thanks!

Gave +1 Rep to @undone knoll

sen adamsın be oldu teşekkür ederim 🙂

python3 -m pip install pycryptodome

Crypto.Cipher is a part of pycryptodome lib

However the dcrypt.py is a python2 there is an updated version on github that supports py3

https://github.com/funoverip/mcafee-sitelist-pwd-decryption

Hi, I can't connect to the vpn. I already succeeded without any problem last week, then I tried again this morning and impossible I still have this error when running openvpn breacad.opcn : "2023-04-27 10:22:34 Using peer cipher 'AES-256-CBC'
2023-04-27 10:22:34 Error: problem with tun vs. tap setting
2023-04-27 10:22:34 Exiting due to fatal error
". I launched the thm-troubleshoot which did not solve my problem so I come to ask for help here : "[+] Stable internet connection
[+] OpenVPN is installed
[-] tun0 interface does not exist
Would you like the script to attempt a connection automatically (Y/n)? Y
[+] Connecting....
[Warning!] Connection process is taking longer than expected to complete
[-] Failed to connect
Failure to connect to the VPN can usually be solved by one of the following options:
-Regenerating your OpenVPN config on the TryHackMe access page (https://tryhackme.com/access)
-Switching servers, then regenerating your OpenVPN config
-Checking your system time. If your system time is incorrect then this can cause issues with the authentication process
If none of these methods work, please ask for further assistance in the TryHackMe Discord server, subreddit or forums.
[-] Exiting
"
Thank you

Try editing the ovpn file and changing dev breachad to dev tun

Gave +1 Rep to @undone knoll

It works! Thank a lot ! 🙂

Great 🙂

┌──(kali㉿kali)-[~]
└─$ nslookup printer.za.tryhackme.com
Server:         10.200.27.101
Address:        10.200.27.101#53

Name:   printer.za.tryhackme.com
Address: 10.200.27.201

                                                                                                                     
┌──(kali㉿kali)-[~]
└─$ curl http://printer.za.tryhackme.com/settings.aspx
curl: (52) Empty reply from server

printer.za.tryhackme.com seems to be unresponsive when I do the LDAP Pass-back Attacks exercise in Breaching Active Directory

Hey everyone! I'm trying to connect to the Breaching AD network. It's running, the VPN is going and I have an internal IP... but I keep getting a DNS error when I try to connect to http://ntlmauth.za.tryhackme.com/ or http://za.tryhackme.com/... Could someone help? I use Kali (not on a VM) and the systemd-resolve command it tells you to execute won't work. I've tried installing systemd-resolved but that just (1) ruins DNS on my computer and (2) still doesn't work because resolvectl has different syntax than systemd-resolve, which is now deprecated...

If anyone could help that would be appreciated!

sudo nano etc/resolv.conf

Place THMDC at the top with nameserver

Thank you so much. That works.

Gave +1 Rep to @wooden minnow

Happy Hacking.

Okay one more problem... I'm having the same issue here. It says the DNS address couldn't be found for http://printer.za.tryhackme.com/settings.aspx
#breaching-ad message

Did you restart the sytemcl?

NetworkManager?

Yeah... the THMDC IP addr. is in /etc/resolv.conf but now NONE of the domains are working...

Have you followed the pinned message for debugging? If so, can you share that output?

Oh, I didn't see that, thanks, I will look into it

Gave +1 Rep to @dense cedar

Okay, so as I said earlier, the initial DNS steps involving systemd-resolve don't work for me. I followed @wooden minnow's advice about putting the THMDC IP address into /etc/resolv.conf which is now

nameserver 8.8.8.8``` and that worked temporarily. I'm now connected to the VPN and can ping THMDC (in my case 10.200.4.101). However, `nslookup tryhackme.com 10.200.4.101` (step 3) fails with a timeout. Step 4 (`nslookup tryhackme.com`) does work fine though.

nslookup can be buggy.

Can you access the website?

I can access tryhackme.com but not za.tryhackme.com.

Wait-

Can you quickly send me your VPN IP? So in your VPN file, there will be an internet IP where you are connecting to. If you send me that one I can take a quick look to see if DNS is working in the network

It started to work

One second...

I think the reason might've been that I had THMDC IP as the second entry in /etc/resolv.conf? I don't know how that would change anything but reverting it to the first entry now fixes the issue

Yeah, that would be an issue, remember DNS takes priority, so if it is the second instance, would never get used

Ah thank you so much. I had assumed that if a host didn't resolve for the first one (8.8.8.8) it would advance to the second one.

Gave +1 Rep to @dense cedar

I guess that's not how it works though 😅

That is a correct assumption, but 8.8.8.8 is an internet DNS, so it will at all cost try to resolve your request. Always put your internet DNS second 😉

That makes sense. Thank you for clarifying! I have a lot to learn about DNS

And remember the golden rule when hacking AD, your issue is always DNS related 😂 Have fun!

😂 Yes it is... I will!

Hello guys
Im currently blocked on BreachingAD because a connection
i do all the step , i have ping to the ip , when i execute nslookup thmdc.za.tryhackme.com it's work
but when i try access to http://ntlmauth.za.tryhackme.com/ on firefox it's give me this error :
Hmm. We’re having trouble finding that site
if someone have the solution it's can be helpful
thank you 🙂

Do you have the THMDC IP as the first entry in /etc/resovl.conf?

Yes

All is good only the access to the website not working

tftp -i 10.200.32.202 GET "\Tmp\x64{11576AEB-86
2C-43B3-8BC8-BC99BFEC579C}.bcd" conf.bcd
Connect request failed

why is there an issue in connection ?

It worked for me! Thank you!

Here are the steps I used while connecting from my own kali VM

1. Generate and download the breachingad openvpn config file from the "Access" page
2. Change the line from "dev breachingad" to "dev tun" in the breachingad.ovpn file
3. Add the $THMDCIP as the DNS server address (follow the kali steps from the breachingad page)
4. sudo openvpn breachingad.ovpn
5. sudo resolvectl status => Check the tun0 interface number. (Say, 3)
6. sudo resovectl dns 3 $THMDCIP
7. nslookup za.tryhackme.com

Gave +1 Rep to @undone knoll

Great 🙂

I'm trying to follow task 1 for breachingad with the attack box.

Does anyone know what I've done wrong here?

I see other network intnerfaces

but not breachad

cmdlet not existing? any idea?

Did you import PowerPXE?

Did it yesterday, but i repeated again the process with success. Import-Module .\PowerPXE.ps1

Thank you!!!

Gave +1 Rep to @dense cedar

anyway, i mounted the image and grep "Password" in every file 😄

Hello I'm new and was told I can get help here I can't get my kali VM to connect to the network i've already tried following the steps in the room

Can you verify and share screenshots it will make it easier

!docs verify

i can't seem to find a button to upload images how do i post my screenshot?

See my previous message above.

ok

on doing nslookup thmdc.za.tryhackme.com , i am getting server cant find the host error

please help

Hey there, please review the pinned messages

Hi! I'm in the Breaching AD room and I'm using the attack box. I don't have the breachad interface or any other interface with another IP than the one assigned to the attack box. What can I do?

Same here

I think it needs to be resetted. Yesterday it worked for me

Tried again today, same issue

Just tried it too and it doesn't work. Really weird

I think the breached interface is actually tun0

ip a s would confirm this.

Hello. I downloaded my vpn configuration file for Breachingad network, but when I try to execute "sudo openvpn breachingad.ovpn" I keep getting an error "Options error: Unrecognized option or missing or extra parameter(s) in breachingad.ovpn:14: data-ciphers (2.4.7)". How to solve this?

Open the ovpn file and change the line that says data-ciphers

Change that to cipher

Yeah, I already solved it by replacing breachad to tuv and data-ciphers to cipher

But now I get another problem. I did "systemd-resolve --interface tun0 --set-dns 10.200.97.101 --set-domain za.tryhackme.com
" and the response to "nslookup thmdc.za.tryhackme.com" was
Server: 127.0.0.53
Address: 127.0.0.53#53

** server can't find thmdc.za.tryhackme.com: SERVFAIL

I have an interface
ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001 inet 10.10.201.163 netmask 255.255.0.0 broadcast 10.10.255.255 inet6 fe80::37:62ff:fe9f:2659 prefixlen 64 scopeid 0x20<link> ether 02:37:62:9f:26:59 txqueuelen 1000 (Ethernet) RX packets 91820 bytes 7200391 (7.2 MB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 59295 bytes 73881197 (73.8 MB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
which seems to correspond to my internal IP, but when I try to
systemd-resolve --interface ens5 --set-dns 10.200.97.101 --set-domain za.tryhackme.com
I get
The specified interface ens5 is managed by systemd-networkd. Operation refused. Please configure DNS settings for systemd-networkd managed interfaces directly in their .network files.
(In AttackBox)

3. Run nslookup tryhackme.com <THM DC IP> - This will verify that the THM Name server is active. If the PING worked but this does not, time to contact support here since something is wrong. I'd also suggest hitting the network reset button.

`nslookup tryhackme.com 10.200.97.101
Server: 10.200.97.101
Address: 10.200.97.101#53

** server can't find tryhackme.com: SERVFAIL`

I already reset the network and I still getting the same error

Did you set the THMDC in resolve.config?

How to do this?

sudo nano /etc/resolve.conf

Put the nameserver on top.

I set the DNS throug Network Manager.

`sudo cat /etc/resolv.conf

Generated by NetworkManager

search za.tryhackme.com
nameserver 10.200.97.101
nameserver 127.0.0.53
Previously I didn't havenameserver 10.200.97.101, now I've added it, but the error didn't gonslookup tryhackme.com 10.200.97.101
Server: 10.200.97.101
Address: 10.200.97.101#53

** server can't find tryhackme.com: SERVFAIL`

nslookup tryhackme.com 10.200.97.101 ;; connection timed out; no servers could be reached

`python3 ntlm_passwordspray.py -u usernames.txt -f za.tryhackme.com -p Changeme123 -a http://ntlmauth.za.tryhackme.com/

Traceback (most recent call last):
File "/home/kali/ntlm_passwordspray.py", line 4, in <module>
from requests_ntlm import HttpNtlmAuth
ModuleNotFoundError: No module named 'requests_ntlm'`
😕

pip install requests Defaulting to user installation because normal site-packages is not writeable Requirement already satisfied: requests in /usr/lib/python3/dist-packages (2.28.1)

Does anyone know how to fix this?

The error says that it is missing requests_ntlm. Installing that particular package should take care of it.

You're right, I should have installed requests_ntlm, not just requests

I'm still having problems with the breachad interface...

The problem is, that it doesn't exist in the attackbox network

sudo nano /etc/resolv.conf and add as the top nameserver

Task 6 : I'm having issues with the tftp command to get the bcd files :
Any clues to what I'm missing ?

Solved : new .bcd files have been generated after restarting the network, and these can be downloaded via tftp

i am not unable to connect to breachad.vpn

anyone know this issue?

Edit the ovpn file and change dev breachad to dev tun

WORKED❤

Thanks @undone knoll

Gave +1 Rep to @undone knoll

You're welcome 🙂

I cant get into http://printer.za.tryhackme.com/settings.aspx

what is the solution?

I came here specifically to look for answers for the same question @dreamy hamlet ! Thank you @undone knoll !

Gave +1 Rep to @dreamy hamlet

sometimes I wonder what the point of teaching about outdated tools with no real world usage is 😅

Showing what's possible, also the tool has been adapted for Python 3, you can find it

yeah of course, I'm just saying since there's been a lot of instances of outdated content that I've seen, could've just put the updated version in the room

It's honestly very hard to keep up with new tools and what gets updated

Pretty sure the updated tool isn't by the same person even

reason I mentioned this specifically is because it was clearly already outdated when the room was made

hence the note

Yeah, I'm just also not sure the updated tool was out at the time

If something is outdated, try to find out whether there's a current version on GitHub, and sometimes you have to work with multiple versions because of compatibility issues

Anybody setup this up with the Kali attack box?

The DNS is giving me a challenge

one mistake I made with the DNS resolving is I was using the wrong IP address

systemd-resolve --interface breachad --set-dns $THMDCIP --set-domain za.tryhackme.com

in the above $THMDCIP should be the IP right below the THMDC computer in the network diagram

(from the kali attack box)

need help

i have setup everything still throwing this error ERROR The requested URL could not be retrieved

why

!help

🙏

changing the browser then it got fix

I've been struggling for 2 hours, I tried it on 2 different computers and I still can't access this goddamn AD, it's complete bullshit, I'll stop trying.

Vpn issues?

should I contact support? I'm able to ping the DC IP but not able to run nslookup with tryhackme.com in front.

Everything seems to be working fine, why are you trying to lookup tryhackme?

step 3 in the pinned message, also can't access ntlmauth.za.tryhackme.com.

I'm on my own Kali installation, if that helps

Ok, so I ended up just adding the line
10.200.97.201 ntlmauth.za.tryhackme.com
to my /etc/hosts file, which is ridiculous considering the room doesn't even mention this.

This is a very rare occurrence.

Hi! I facing some issue after i click join room, i cannot find start button under the diagram for start the lab, how can i solve it's. (try using chrome and firefox same issue).

Him

The network runs 24/7.

So when you joined the room the "box" will already be started.

If its not there is a start button under the diagram.

this is what I had to do as well, but now the printer settings page isn't showing up no matter what combination of IP/host I add to my /etc/hosts file and the network manager instructions haven't worked from the very start of the room

so not sure where to go from here

probably just gonna try the attackbox

isn't that one of the uses of this server? for people to bring up issues so that they're resolved? it's hard, but if you're going to operate a service it's on the providers to update that service

jfc gonna just do HTB's Active Directory room lol

I mean, sure, but if room creators had to deal with every single issue and update rooms any time something new came out, they wouldn't have time to make new rooms 🤷 I thought we were supposed to learn the mindset of researching and resolving issues ourselves, and that's certainly what HTB content wants too, but to each their own

I resolve issues when I can. I did everything I could, even used the solutions found in here and nothing worked. Went to the attackbox and it's barely working over there as well. Sure, researching is an important skill, but it's also a cop out for anyone who's responsible for creating something and just allows it to deteriorate

"just research bro"

I've spent hours on HTB having to research for a solution. I've never had to find my own solutions for a problem that isn't my responsibility

I did actually have the most issues with Breaching AD for some reason, the rest of the network rooms work fine. This is where I learned the most about active directory so far.

I'm trying to look around, I may have missed it, but if you've shared what you've tried so far, someone here might be able to help. It's just my personal opinion that bashing the platform isn't conducive to anything productive.

how is offering a little bit of harsh, yet deserved, criticism bashing? is everyone supposed to only say nice things and ignore the parts of the platform that are subpar? If so then I apologize and I won't say anything mean anymore

👍

Sorry, nano /etc/resolv.conf and add on top "nameserver 10.200.32.101" with the THMDC adress in the top ot the diagram. The other nameserver must be below
Kill openvpn and restart it
nslookup ntlmauth.za.tryhackme.com
Server: 10.200.32.101
Address: 10.200.32.101#53

Name: ntlmauth.za.tryhackme.com
Address: 10.200.32.201
You can add on /etc/hosts: 10.200.32.101 za.tryhackme.com

Please I need help, I have been able to connect to the breachingad VPN network and I have edited the DNS but I get the following error when I run the command. nslookup thmdc.za.tryhackme.com
;; communications error to 10.200.54.101#53: timed out
;; communications error to 10.200.54.101#53: timed out
;; communications error to 10.200.54.101#53: timed out
Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find thmdc.za.tryhackme.com: NXDOMAIN

Look at my post

Can you verify and post screenshots

!docs verify

yes

Can someone guide me how to connect to the breaching ad?

VM or attackbox?

From VM

I posted my problem in support chat yesterday at 11:52 PM

you migh tneed to nano your VPN file and change dev breachad to dev tun

I did, before this change the vpn file did not work

And I can ping the THMDC but I can not nslookup on them

Any other solution?

nslookup can be bugged, can you also view the webpage?

Are you on it just now

?

I edit /etc/resolv.conf and put the THMDC in first.

No, I will try in a few minutes

I tried also with the ip

can you cat /etc/resolv.conf

I didn't add anything here

Can you show me what should I add?

Whatever ip you have here

Place it at the top

nslookup is working now, but I am still not able to access from the browser. Is that ok?

the URL?

you don't access that IP from the browser.

THMDC is the Domain Controller

http://ntlmauth.za.tryhackme.com/

Can you access this link?

No, is not working

That's fine, that's all you need to access, you'll interact with the DC when you use the python script to bruteofrce the password.

Just work thorugh the materials and tasks and you'll be done.

Ok thank you!

And what happens when the number of days of access are left?

You'll be kicked out, if this happens and you're not done you just re-join.

You have x days so that in active users can be kicked, as the network rooms run 24/7 and it would be wasted resources.

I understand

Sorry, but how am I supposed to do the tasks if I can not visit this login panel from the URL provided?😅

I thought you said the website worked?

I said here that is not working

oops!

😂 no problem

But do you have a solution for this?

Right no, I'm in the middle of setting up a new VM.

Who should I contact for a little help? I posted on site-support and nobody answer😢

They would just direct you here.

I tried also from the Attack Box and is worse, the THMDC is not reachable and the systemd-resolve command is not working...

@long mural

What issue are you having?

done the changes in openvpn file from dev brachad to dev tun
vpn file connect, after that i add the nameserver of domain
but still not working i try to do via nslookup

Can you verify your account please.

!docs verify

sure let do it first

done

Now, can you send me a screenshot of

cat /etc/conf.resolv

sure

Can you try nslook up in sudo?

nslookup <domain name here>?

yeah, but chuck sudo in front

i think its working fine right?

It's still using 192...

Oh!

Look at your syntax.

namserver 10.200.92.101

You've missed out an e.

sure let me change it quickly

Now is it working fine?

That's progress.

Is your network running?

let me check first

yes runing

running

Now it did show any progress error

That worked. 😄

thankyou so much for your valuable time

Can you access <http://ntlmauth.za.tryhackme.com/> ?

sure let me check

can we become good friends?

I'll accept your friend request.

(I question DM's because people have asked me about unethical black hat stuff. OR because I'm im a room tester they mistake me for THM staff)

Happy hacking, and enjoy the network rooms.

Understood bro!

thankyou

I don't understand for me is still not working...😢 I am connected to the openvpn file, I added the ip address in the /etc/resolv.conf, the nslookup is working but I still can not access the web page

What I see different is that I can not access /etc/resolv.conf without sudo and is a symlink, is looking like this:

Did you do something different than me?

You need sudo to edit it.

I edited I sent here the photo

Try putting it on line 12

Still not working :/

No matter what I do for task 7, when I try to scp the ma.db file I get a "./ma.db: Broken pipe" error.

Hi guys,

If anyone have problem using burp suite with NTLM authentication, I'll share a solution

1. Setup NTLM auth credentials
2. Enable use of HTTP/1.1

Can you please explain me what steps did you follow to make the connection? I can't find the solution and the support is answering very hard

This room is so struggling

Wasted a lot of time fixing weird issues

hey guys, I can't setup my Kali host for this room, I tried editing my IPV4 settings in the gui, also tried /etc/resolv.conf and it's not working

The GUI is not a good idea.

Can you show a screenshot?

of my resolv.conf ?

# Generated by NetworkManager
search za.tryhackme.com
nameserver 10.200.xx.101
nameserver 192.168.1.1
nameserver MYPERSONALIPV6

Yes

maybe it is because my network is ipv6?

I have the exact same problem

I openned a ticket a few days ago, still not getting an answer…

To be exactlly, monday, almost a week

Which subnet are you in?

was .25

10.200.24.101

@void trail did it finally work for you?

mine's still not working

No, I am just waiting for the answer of my ticket

The problem is that the Attack Box is also not working for me :))

oh you paid for it and it's not working?

I got the room for free with the 7-days streak

do other AD rooms like enumerate AD work for you? Or is it the same problem?

does any one have issue regading breaching-ad machine

What issue do you have?

Connecting:

If you're having an issue connecting to the room via OpenVPN.

1. Download your VPN.
2. Connect to it as normal (probably best you turn off the normal or VIP THM VPN)
3. When connected use the command sudo nano /etc/resolv.conf, your conf should look at the attached screenshot, the ip will come from 10.200.xxx.101, the x's will be your subnet, this can be obtained from the THMDC.
4. place the nameserver at the top, above all others, only then nslookup will work.

Attackbox

Steps are the exact same, Open the Attackbox inside the BreachAd room

Troubleshooting:

1. If the communication cut out, just after you've started the server, wait 5-10 min(s)

2. Website not working? Double check your using HTTP, the website won't work if you're trying to do HTTPS, if Firefox is making https the default, turn it off.

i am able to connect using open v[n sucessfully but unable to access any site of the AD

Did Firefox resort to https?

plz wait i will attached the Screenshot shortly

Attackbox screenshot

I am not able to send attachment here but here is the error message
;; connection timed out; no servers could be reached

before executing the nslook command i have follewd the instruction:

!docs verify

Can you verify your account?

yes

Can you edit the resolv.conf file?

yes can you provide me configuration?

Look at the screenshot above.

in your case it will be

nameserver 10.200.20.101

oaky the second nameserver will be same?

That's the IP from your screenshot, I'm assuming from your THMDC.

Put it above the searchdomain

does nslookup work now?

no here is the result

Ok.

Nano it and put it above the search localdomain

nameserver 10.200.20.101
search localdomain
etc```

here is the changes config and result.

I'd suggest now leaving the room, using the cog at the top right, and re-enter the room in a few min(s)

i have already tried it but it is not working.

I did not try others because I want to do them in order

Did it place you in a new subnet?

no sir it had place me in same subnet.

You used this part, yes?

I had leave the room as you shows in the screenshot.

Wait 5 min(s)

okay sir

You can nslookup but you can not acces the web server, right?

They can't nslookup.

Which webserver are you trying to connect to?

Right now I am not trying, but I have the same issue for weeks, we already talked about this problem in this thread😄

Is about the first login pannel

This one?

This one

You never seen this?

No, and is not working also from the Attack Box

Thanks now its working.

Gave +1 Rep to @wooden minnow

I will give it another try tonight, can I tag you to take a look?😁

I'm in the UK, and I won't be around between 6PM and 8Pm, but sure.6

I do

https://discordapp.com/channels/521382216299839518/983792015382810634/1125710954995396739

I'm in another subnet and getting the exact same problem

Same steps?

Yes but I'll try to change the search line because I don't have exactly the same one

Can you show a screenshot of what you do have?

# Generated by NetworkManager
search localdomain
nameserver 10.200.25.101
nameserver 192.168.0.10
nameserver fd0f:ee:b0::1

I can nslookup but can't access http://ntlmauth.za.tryhackme.com/

oh actually it's working with firefox

not with Chrome

🙂 There we go.

Now I have a hope for me also😂

There's been a few people not being able to connect to the breached room, @somber ledge

Are you able to pin this?

#breaching-ad message

@wooden minnow I am not sure if I have /etc/resolve.conf. I see your screenshots, on the first line I must have "Generated by NetworkManager". I don't have this.

I have this file instead

I made a spelling error then corrected it.

Is that ok?

Yeah

And what should I do now? Is the same problem, I can nslookup, but I can't reach the page

Can you show a screenshot of the page.

This should be added in /etc/hosts?

No, it doesn't need to be

Can you double check it's http and not https

Yes, is http

I tried with Chronium also

Can you leave the room for 5 mins and rejoin the room?

Ok

Join and wait 5 minutes, or wait 5 minutes and join?

Wait 5 mins then join

Is still not working

Did you change resolv?

No, the ip is the same

The network did not restart

Use the cog and leave again, lol

What is cog?

You'll find it top right

I already did that...

If you wait slightly longe,r it could put you in a new subnet.

I also added the ntlmauth in resolv.conf, is that ok?

I mean, in the instructions they mentioned that you need to nslookup on THMDC and then you can access ntlmauth

Is it working now?

I am in other network now, but the nslookup is not working :))

Oh wait, the network was stopped, let me check

Still not working...

Can you click in the address bar?

What do you mean?

This part.

Is http if this is why are you asking

Just double checking, Firefox can be annoying and stick in https

Can you try a different browser?

This is Chronium, still not working

I appreciate your help, but I think the source of the problem is not this one

Is that the website?

http://printer.za.tryhackme.com/settings

Try that one

Nope, didnt work

We can try with Attack Box if you want

I am not able to intercept NetNTLM challange using responder. I try more than 3 times and wait for more than 30 mins. Can someone Please help me

Can you show a screenshot?

http://printer.za.tryhackme.com/settings.aspx is responding to "Why is there no browser" even though I've done everything and the network is working?

guys ?

Everything is running. Network responds to pings. Responder NO LONGER WORKS. In my opinion, someone needs to go in and test and likely re-write the scheduled task.

I have tried it both on the attack box and my kali an left it running for more than 45 minutes...nothing. Also this is the second day I have tried to accomplish this.

@wooden minnow please let me know your ideas regarding responder. Thanks in advance.

Gave +1 Rep to @wooden minnow

Responder worked for me...

How long did you wait?

45 minutes on 3 different occasions...

That's great that it worked for you. I wonder what the difference is...

Are you doing it now?

I moved on to EnumeratingAD

hmm... I'll try it again tomorrow morning. All I can think of is that I had two services that did not start on port 80 and 53, that is not pictured in you screen print...but I don't see how that would matter. Did you use the attackbox?

I already made sure my responder was up to date...yeah I'm at a loss.

No, I used my VM.

Are you remoting in with the vpn package or are you already in the internal network?

I guess my fear is that my responder is not working...I've successfully used it quite a few times. I am even repeating this exercise in preparation for OSCP. Last time I had no trouble.

I'll have to test responder on another exercise, I guess.

Also, thanks for checking it out for me.

VPN.

Okay, well all the boxes are checked. That's all I can think of. Thanks again. If I find the difference and get it to work for me, I'll report back

didnt realise this was a channel

ok I think it wasnt workign cos I didnt change my IP address in the $THMIP section lmao

That will do it.

😄

If in doubt, check the pins.

I started this all over again in the AttackBox. I'm going to walk the dog and come back. Fingers crossed.

Nothing. Knowing when to move on will be my biggest challenge with the OSCP. So, moving on...

Whenever I try to download the OVPN config to connect to the Breachingad network it throws a 404. Also, when I launch an AttackBox I can't ping the THMDC IP as documented. Am I missing some part of the process?

Leave the room for 5 mins

Small cog at the top right.

Ah, this worked. Thank you!

Gave +1 Rep to @wooden minnow

I am having the same issues with never getting anything with Responder. I have tried both with my own VM and with AttackBox. Waiting over an hour yields nothing.

you could try deleting the responder.db file and retry

I'M not able to connect to Breaching AD I am coonected to Ovpn and set the DNS server of THMDC also

See

I had to comment out my 192.168 address in my resolv.conf file or else I got recursion errors.

Check the pinned posts.

This worked. Thank you!

Gave +1 Rep to @grizzled glacier

Hello I have problem to connect by breachindag.opvn from my kali machine...

Check the pinned posts. 🙂

The problem is with the file...

Which file?

.opvn from THM

This pinned post doesn't fix the file... file is broker whilemis generete from THM. Everyday others opvn files working fine. Only this one doesn't!

Tey regen it then.

Or how is It broken?

I done that mamy times... its not want to connect - showing error

Can you copy and paste the error?

Or verify and submit a screenshot?

!docs verify

I can't attached here any printscreen

https://cdn.discordapp.com/attachments/1059323021057327160/1129182469833371709/image.png

https://cdn.discordapp.com/attachments/1059323021057327160/1129183400582991943/image.png

Nano your file, and change the 'dev breachadtodev tun`

I fixed it by myself - edit numbers - breachingad to breachingad solve problem after regenerate file...

hello there

someone experience or know why the nslookup wont work but Ping works when i try to ping the domain IP

#breaching-ad message

when i ping the IP it gives a response, but nslookup says not found

also known as pinned messages in here

thx man

i have a look

sorry for disturbance

just bounced my head all night and day

no problem and good luck

for this thing...

worst case that subnet needs a reset

i have a look, if you dont hear from me again, it could be my moms spinache or i fixed it with your and the others help!

i hope it will be the 2cond

wtf bruh.. it works ?

i feel like i created frankenstein

Hi All, do i need to update the configuration of the attack box to be able to connect to this website http://ntlmauth.za.tryhackme.com/. I just start the network and attack box but I am not able to get any information about this URL. Do I need to update any file or DNS related records, if yes, could you please share the steps with me?

*Check pins

someon experience with the ldap pass attacking task, where is gives the message "invalid credentials" the moment you have set up the slapd rogue access point

LDAP Connection failed: The supplied credential is invalid.

this is the exact respond i get

Ive been looking for hours now so I guess I’ll break down and ask. So I installed slapd ldap-utils and sudo depkg-reconfigure and all of that. Made the olcSaslSecProps.ldif file and when I run ldapmodify command , I keep getting no mechanisms available , security flags do not match required, error. Sometimes it works but then I don’t get any mechanisms showing after ldap search. Just a dn: with a lot of emptiness . Anyone got a fix .

Did you follow along with the installation of the room?

Yes . All the way .

I figured out the problem.

What was it?

Hello! Several days I can't configure the DNS on this room: is it normal that I can't ping THMDC?

PING 10.200.24.201 (10.200.24.201) 56(84) bytes of data.
From 10.50.22.1 icmp_seq=1 Destination Host Unreachable
From 10.50.22.1 icmp_seq=2 Destination Host Unreachable
From 10.50.22.1 icmp_seq=3 Destination Host Unreachable

I already checked the pinned content

Check the pins.

Already checked 2 times, reset 3 times.

Already tried the brick thing, I'll retry again

Do you confirm that even if the DNS setup is not set, we should be able to ping the IP of THMDC? I have the same problem on the Attackbox while applying the steps

Yes, because it's up?

The destination is unreachable even in the Attackbox

I waited the end of the network timer and redid Start

Try leaving the room, and waiting for a peroid and re-joining.

OK I leave the room, I'll come back in a few days. Thanks for the help

Gave +1 Rep to @wooden minnow

The patch for this issue is in a pull request today. So hopefully soon this is a problem of the past

Hello, I just tried today and it seems to work like a charm. Thanks for the update

Gave +1 Rep to @dense cedar

Hello! On the responder task, I waited 1h and no hash captured. I retried after deleting responder.db, but it's 20 mn I'm waiting and no hash captured. The command used is sudo responder -I tun0 , the interface matches with the one displayed by ip addr, and the VPN is activated for both tun0 and breachad

Am I doing something wrong? Is the scheduled task online?

You should get a capture in less than 20 minutes from what i remember, are you using a local VM?

I'm using a local VM Kali on my Windows computer

and the VPN is activated for both tun0 and breachad, Do you actually have two openvpn connections?? (daraxxo.ovpn , breachad.ovpn) If so, you should only be using the breachad.

If I remove the daraxxo.ovpn I don't have tun0 in the interfaces listed by ip addr

I killed the 2 openvpn connections and only used the breachad one. ip addr lists the interface breachad but not tun0

Shouldn't I use the breachad interface instead of tun0?

For responder I mean

I'm testing it

Nothing in 22 minutes

Haha the network was stopped! Restarting it. I'm confident it will work (if the scheduled task is here)

It worked 🙂

Thanks @quasi dome for the tips

Gave +1 Rep to @quasi dome

hi, when trying to join the room it redirects from https://tryhackme.com/room/breachingad to https://tryhackme.com/r/rooms

Do you have a 7-day streak?

no, should I?

Yes.

Yes, it's a prerequisite for the room if you're not a paying subscriber

ok

I'll make it these days 🙂

Hey can anyone tell me the steps to connect

To the network

Check the pinned posts, I wrote out a post with screenshots.

I tried, but i don't know where m missing

Thanks bro , m checking em..

Hey doing lie, the pin command but

Its not working

Any idea ?

Got this problem since few days ago ...

I see what you've done.

You've edited the wrong file.

it's resolv.conf not resolve

I mean...

x)))

in your pin comment ^^

My bad!

Your fine x)

You already helped a lot

maybe just edit it as nobody else get in thr trap 😉

Already fixed 😉

^^

Ill take a look if it will work like this

Working fine !!

I am currently unable to access the http://pxeboot.za.tryhackme.com website, as it displays a "server not found" error. Additionally, I'm unable to establish an SSH session using "ssh thm@THMJMP1.za.tryhackme.com" while using Microsoft Deployment Toolkit. I would greatly appreciate any expert suggestions or assistance to resolve these issues. Thank you in advance for your help.

And now its my VPN who is causing troubles x)

I cant connect to the VPN 😢

ANy idea ?

Regen.

Already done

Still not working?

Did you delete the old one?

Working now

Guess i just had to wait ^^

Arf

Tryes w/ python 3 and 2.7

And everything have been downloaded

Idk if its the machine,or m

what is the error output?

None

Like

Nothing

It just do that x)

It doesn't look like it's running at all

but im doing it with python

Thats strange

So no answers ?

Can you cat the python file?

The python file is exactly the one given

Hi folks, I've been facing issues with the breaching AD room. I'm using my own machine to connect to the breachAD network. The site then asks me to change my DNS settings using the follwoing command systemd-resolve --interface breachad --set-dns $THMDCIP --set-domain za.tryhackme.com , but the kali linux throws an error systemd-resolve: command not found .

I googled about this and someone said that the systemd-resolve has been replaced by resolvectl. Can someone please help me with this!!!

pls dm or mention me if you have an answer with regards to this

Check the pins in this channel, there's a good explanation on how to connect from Scrubz

Thanks a lot mate

Gave +1 Rep to @undone knoll

Ok so I have been trying to access the AD Breaching room for the past couple of days. I am using a Kali VM in VirtualBox. I edited the resolv.conf file and added the nameserver to the top of the list. This helped me with the nsloookup thmdc.za.tryhackme.com and the domain got resolved properly on the terminal. But whenever I enter the same domain in the browser it throws an error that we're having trouble finding that site. I even reset the network, but nothing seems to be working. Any help or channels where I can let the moderators/admins know about this??

ok so entering the site manually in /etc/hosts did solve my probleme but I don't think this is the intended method

Which subnet are you in?

10.200.92.101

What do you recon could be the reason @wooden minnow ??

Could be a dead subnet.

@wooden minnow

@dense cedar can you help me trace the problem ?

I reset the network

Which task are you on?

pxe one

Task 6

also the site pxeboot.za.tryhackme.com won't load on the browser

Did you check pins

@cosmic kite

I meant pins

In this channel

anyone know how to hack roblox accounts?

thanks

Gave +1 Rep to @wooden minnow

state your subnet, other people might reset it for you, or vote yourself every 30 min(s)

Gave +1 Rep to @wooden minnow

Hey Guys I am stuck in BreachingAD on Task5 because there is no more diskspace left. What can I do?

Are you on the attackbox?

Oh no I am SSH into the Jumbhost (THMJMP1.za.tryhackme.com)

Its Task6 sorry 😄

Is this on your VM?

No, you need to ssh into the machine THMJMP1.za.tryhackme.com and make a new direcotry with your user and download from the PXE server. Currently I cant even make a new direcotry cause no more space

This might require a network reset, too many users have then extract the PXE image. You could also just look to use the image that another user downloaded in their directory

Yes that was my intention but then I got this:

It cant even write a history txt file

Mmm, I think it is then going to need a reset sadly since it is even too full to read files. There is a script that should flush the entries every 60 minutes, but it can fail. You can send me your remote IP (in your OVPN file) and I can try to take a look for you

I managed to execute the powershell and find the location of the wim file. I am not gonna download anything and using the resources that are downloaded already. Can I come back to you if I get stuck again? 😄

Jip, good luck there!

Thanks for the help! @dense cedar

Gave +1 Rep to @dense cedar

For anyone stuck at the same part atm I used the "Wally" folder there are all the files you need. And you dont have to download anything.

Task5 I set the dns and wait with responder on tun0 but no capture ever appears

Is the with responder ?

sudo responder -I tun0 is the command. And it says I should receive a SMBv2 Connection in up to 30 minutes

Should be faster than that.

Usually is.

Might need to reset the network

Breaching ad network is very slow for me and sometimes it is not reachable at all

@wooden minnow I tried the exact steps from the pinned message, but still not able to configure properly. I am getting the message saying "server can't find thmdc.za.tryhackme.com: NXDOMAIN
"

!docs verify

Can you follow the above link verify, to send screenshots?

Hey scrubz, I restarted the machine, now its working fine. Thanks!

Gave +1 Rep to @wooden minnow

hi guys im having issue connecting using kali attackbox

┌──(root㉿kali)-[~]
└─# nano /etc/resolv.conf

┌──(root㉿kali)-[~]
└─# cat /etc/resolv.conf

Generated by NetworkManager

search localdomain
nameserver 10.200.55.101
nameserver 8.8.8.8

┌──(root㉿kali)-[~]
└─# systemctl restart NetworkManager

┌──(root㉿kali)-[~]
└─# nslookup thmdc.za.tryhackme.com
;; communications error to 10.200.55.101#53: timed out
;; communications error to 10.200.55.101#53: timed out
;; communications error to 10.200.55.101#53: timed out
Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find thmdc.za.tryhackme.com: NXDOMAIN

Hey guys! Anyone here done the room and uses Arch? I have followed Arch wiki for setting up an openldap server, but I could not downgrade the suite to utilise the 'PLAIN,LOGIN'. Any LDAP gurus here?

Also, I am experiencing TFTP problem with "breachingAD" room, Task6.

I managed too pull the BCD file, but I am unable to GET the .wim file, I get 'Connect Request Failed' . Now I can't even pull the bcd file, as I get the same error.

Quick google tells me that this is server side TFTP problem.
Anything I can do, other than vote to reset the network and wait some 5 hours...?

hi guys

I'm trying to crack the NTLMv2 hash that I got from responder and no matter what I do it always output "Exhausted"

Are you doing the full hash?

I'm using the passwordlist.txt file

Or chopping a part off?

yes the whole row

with the username and all

Can I post here the whole hash ?

Yes, include spoilers please.

How do I do it ?

the spolier part

Yeah, that's the hash.

What syntax are you using for the hashcat?

the same as mentioned: hashcat -m 5600 lsntlmv2_svcFileCopy2.txt ~/Downloads/passwordlist.txt --force

strange..

Mine justr worked.

Your hash is different from mine...

hmmm so thats the problem

but how

if its the same user

Ah, I have an idea.

check your hash, do you have any spaces?

Because I copied your to try, and when I copied and pasted, you had line breaks

Thanks you were right

instead of the previous one

🙂

You get it now?

yes thank you 😄

🙂 Excellent, can you please delete your two previous please, so we don't spoil it for others. 🙂

Done, thank you 😄

Thank you 😄

Happy hacking.

Gave +1 Rep to @untold vale

Hi

Im doing Task 6 and I cant connect to the server

to download the PXE image via tftp

||tftp -i 10.200.55.201 GET "\Tmp\x64{C9AB627F-9759-435F-8229-5C4B3F8688FF}.bcd" px eboot.wim Connect request failed||