TryHackMe Zero Logon Official Walkthrough
Ғылым және технология
Follow me on Twitter: / darkstar7471
Join my community discord server: / discord
Quick heads up, this video can be a dip further into the technical side at points. If it's tricky to follow, don't worry too much. I break down the exploit and demo it at the end, making it a lot clearer. If you want to learn more about the process of converting a PoC to a working exploit, I suggest following along as best as you can with task three within the video and replicating that when doing the room :)
Task Timestamps:
00:00 - Video Overview
00:30 - Task 1: The Zero-Day Angle
11:15 - Task 2: Impacket Installation
12:50 - Task 3: The Proof of Concept
30:15 - Task 4: Lab It Up!
TryHackMe Official Discord: / discord
TryHackMe Official Subreddit: / tryhackme
TryHackMe Room: tryhackme.com/room/zer0logon
Пікірлер: 24
Hi DarkSec, What if the environment uses machine certificates? will this work?
@DarkSec
3 жыл бұрын
I don't believe so as the certificate would be used within authentication. That being said, updating is still the best mitigation technique against this vulnerability
anyone receiving a no such file or directory when trying to run the exploit?
@greenonblack2790
Жыл бұрын
same here
Hey Dark ;)
@nightcoresynthesis5491
3 жыл бұрын
❤️
Anyone else getting "AttributeError: 'str' object has no attribute '__spec__' when trying to run the second line (python3 -m virtualenv impactetEnv?
@JoshReyes9588
Жыл бұрын
Same issue. I'm going back and watching the video. Figure I should start from scratch. I'll let you know how it goes.
@lucassantiago89
Жыл бұрын
@@JoshReyes9588 thanks! Appreciate it.
@MNTwinsGeek
Жыл бұрын
I ran into this as well - seems like the issue is that the attackbox Python environment is python 3.6, and a newer version is needed. This worked for me: apt install python3.9 python3.9 -m pip install --upgrade pip python3.9 -m pip install virtualenv python3.9 -m pip install impacket python3.9 -m virtualenv impacketEnv source impacketEnv/bin/activate
For me i typed the exact same command you typed nmap -sC -sV -oA IP ADDRESS And it says 'warning no targets was specified' i'm soo lost please help. This is such an annoying error
@kdvilla1148
Жыл бұрын
in case you haven't found the answer yet, move the ip address to directly after 'nmap'. you can also remove the -oA tag if you don't want to write info anywhere
@mreuge6002
Жыл бұрын
before he typed "nmap -sV -sC -oA scans/initial 10.10.x.x" he created the scans folder with "mkdir scans" so that it can output there. does that help? worked for me
What OS is this?
@DarkSec
3 жыл бұрын
It's a kali box with some custom goodies on top for the Attack Box :)
This is interesting but how do we fix this?
@DarkSec
3 жыл бұрын
Microsoft has patches out for this. If you installs are fully up to date, you're all good :)
@PiduguSundeep
3 жыл бұрын
@@DarkSec Okay thanks, I just finished the room and the details is on POINT, thanks again.
@itsm3dud39
2 жыл бұрын
@@PiduguSundeep so this attack will not work now right?
@amritaryal5897
Жыл бұрын
@@itsm3dud39 will work...if dc isnt patched!!
DISCORD: wHy Is ThIs BoX hArDdDD????/// ME:🥵
First
@cake8742
3 жыл бұрын
(-■_■) cool