TryHackMe Zero Logon Official Walkthrough
Вставка
- Опубліковано 17 тра 2024
- Follow me on Twitter: / darkstar7471
Join my community discord server: / discord
Quick heads up, this video can be a dip further into the technical side at points. If it's tricky to follow, don't worry too much. I break down the exploit and demo it at the end, making it a lot clearer. If you want to learn more about the process of converting a PoC to a working exploit, I suggest following along as best as you can with task three within the video and replicating that when doing the room :)
Task Timestamps:
00:00 - Video Overview
00:30 - Task 1: The Zero-Day Angle
11:15 - Task 2: Impacket Installation
12:50 - Task 3: The Proof of Concept
30:15 - Task 4: Lab It Up!
TryHackMe Official Discord: / discord
TryHackMe Official Subreddit: / tryhackme
TryHackMe Room: tryhackme.com/room/zer0logon - Наука та технологія
Hi DarkSec, What if the environment uses machine certificates? will this work?
I don't believe so as the certificate would be used within authentication. That being said, updating is still the best mitigation technique against this vulnerability
For me i typed the exact same command you typed nmap -sC -sV -oA IP ADDRESS
And it says 'warning no targets was specified' i'm soo lost please help. This is such an annoying error
in case you haven't found the answer yet, move the ip address to directly after 'nmap'. you can also remove the -oA tag if you don't want to write info anywhere
before he typed "nmap -sV -sC -oA scans/initial 10.10.x.x" he created the scans folder with "mkdir scans" so that it can output there. does that help? worked for me
anyone receiving a no such file or directory when trying to run the exploit?
same here
Anyone else getting "AttributeError: 'str' object has no attribute '__spec__' when trying to run the second line (python3 -m virtualenv impactetEnv?
Same issue. I'm going back and watching the video. Figure I should start from scratch. I'll let you know how it goes.
@@JoshReyes9588 thanks! Appreciate it.
I ran into this as well - seems like the issue is that the attackbox Python environment is python 3.6, and a newer version is needed.
This worked for me:
apt install python3.9
python3.9 -m pip install --upgrade pip
python3.9 -m pip install virtualenv
python3.9 -m pip install impacket
python3.9 -m virtualenv impacketEnv
source impacketEnv/bin/activate
What OS is this?
It's a kali box with some custom goodies on top for the Attack Box :)
This is interesting but how do we fix this?
Microsoft has patches out for this. If you installs are fully up to date, you're all good :)
@@DarkSec Okay thanks, I just finished the room and the details is on POINT, thanks again.
@@PiduguSundeep so this attack will not work now right?
@@itsm3dud39 will work...if dc isnt patched!!
Hey Dark ;)
❤️
DISCORD: wHy Is ThIs BoX hArDdDD????/// ME:🥵
First
(-■_■) cool