Is this the hash one? (you did a MitM attack and got a hash).
The syntax on that one screwed me up a bit.
It's roughly [from memory]
userid:hashhashhash
you need to include the userid part too.

Nope. This isnt the hash one. This is just and AD attack. get the username. But it then asks me too hack the password. Tried the domain as the host with the username as the network admin from AD. But nothing.

Originally posted by DarkEthanol:

Nope. This isnt the hash one. This is just and AD attack. get the username. But it then asks me too hack the password. Tried the domain as the host with the username as the network admin from AD. But nothing.

Pay attention to what he says which directory to attack! It's not the AD! If you've already closed the WMI module with your former netscan... then you can't see it. ;)

I have now figured out the hostname, The problem I am now facing is that the password attack is just throwing at me what looks like a hash. I can not copy this or save it too a file too decrypt. Should this be doing this?

Originally posted by DarkEthanol:

I have now figured out the hostname, The problem I am now facing is that the password attack is just throwing at me what looks like a hash. I can not copy this or save it too a file too decrypt. Should this be doing this?

No. It said you are supposed to run a "low-level dictionary attack using John The Ripper on the IT Mainframe" If you did this correctly, correct path and username, you will hear the distinctive sound that you completed a task. You don't have to do anything further with this password - after the attack you see the password and hear the distinctive sound that the objective was completed. That's all there's to it. Going back to the training module will grant you the certification.

Dunno what else you see there with hashs and stuff and how you did that, but it's definitely not what you are supposed to be doing. Also there's no need to copy anything else other than the path into the password attack module and have it cracking it. That's it. Do not think too much, keep it simple. I'm sure you had already cracked a password in another training before. I've just replayed the training for you to recall how it worked... and completed it without any difficulties, in the blink of an eye. It's really not that hard. Even trial and error would work, because everything that you did wrongly will just produce an "error", a dead end. There are no other different ways to solve a task in this game than the only one the devs wanted you to use. It's a shame, but that's how this game works. CoD is a sandbox game compared to this one. So try everything till it clicks and use the method of elimination if you're stuck. This works just as well. It's as simple as that.

Edit: In an attempt to reproduce what you said you see... neither the wrong target nor the wrong username would give me anything like that but an error. As I said. Hence the correct target and username and the correct attack variant as said in the objectives will get you the password. Are we really talking about the same training: Network Intrusion/Active Directory?

After about 5 restarts of the game, doing the same thing it decrypted the password. It wasnt a case of typing anything wrong. It was a case of having to do it multiple times until the game decided to decrypt the password.

Originally posted by DarkEthanol:

After about 5 restarts of the game, doing the same thing it decrypted the password. It wasnt a case of typing anything wrong. It was a case of having to do it multiple times until the game decided to decrypt the password.

After all. :) Keep in mind: if you type sth. wrong it produces an instant error. It will not try cracking anything at all. The module miraculously knows which users and paths exist and which don't. The output will always be an "error - either target host or username doesn't exist".

So, once you passed this step and you're inside the module's menu to choose the attack type from (SYSTEM.config) you did something correctly, otherwise you would've been stuck already before. But from now on it can behave differently. E.g trying to crack the password but ending up with kinda "couldn't be resolved", which means, you did something right, otherwise you wouldn't have come thus far in the first place, but then you messed it up e.g. when choosing the password attack type (John The Ripper is mostly sufficient, later you might want to try more thorough methods) or, pay attention to this one, in case of hashs: when you try to decyphre such hashs, then you have to additionally check which elements the hash is composed of on the very right side of the attack module (PRINCE.config): first name, second name, age or sth. like that... If you forgot to check the correct variables the module will still try to solve it but not be able to and give you an according error as mentioned above. But at least you knew that you're on the right path (literally) and just had to alter something inside the attack config menu. Trial and error will help here too in case you're stuck. ;) Hope, that helps for further trainings or missions. GL & HF!

If that's the case, then it's a bug that needs to be fixed. post about it in tech support and tag anashel, so they can figure out what happened. (Not sure how often Anashel reads the mission threads. But suspect they pay a lot of attention to tech support )

Thanks for the detailed response. Like i said though, it was exactly the same format everytime. It let me pick the attack type. Then just displayed a hash where the password should be displayed and did not complete the mission. I believe this must be a bug or a feature. I will post this in tech support and see what they say. Thanks again for the help.

Out of curiosity, what was the target path in password attack for this? I'm currently stuck, and I'm really dumb ;-;

Originally posted by DarkEthanol:

I have now figured out the hostname, The problem I am now facing is that the password attack is just throwing at me what looks like a hash. I can not copy this or save it too a file too decrypt. Should this be doing this?

I am stuck with the hostname. I tried the domain but it's not letting me through. :(

Pay closer attention to the ask

Originally posted by Chape:

Pay closer attention to the ask

That does not help in the slightest.

It is requiring the task of "Low-level Dictionary Password Attack using John the Ripper on the IT Mainframe" . There is no IT Mainframe domain from sfuzzer or osintscan. The WMI Scanner only gives the Port# For the IT Mainframe of 8080 to a IBMWatson.. There is no Domain address therefore I can not continue with the Password attack against the username BCHAMBERS .
So as the others, I am stuck aswell. The game has not provided a method of gaining a domain from other soruces and all I have is the sub domains of "mail" "m" "login" for sunshade-corp.com which none will allow the password attack as it states it has the wrong domain.

You can use /erp/it_mainframe from the netscan as the target "URL". It's confusing because you could use mail.sunshade-corp.com in a previous phase of the tutorial. Then you use /erp/it_mainframe in the File Browser, not in the Active Directory. I can't say I understand it yet either.

Just to confirm, you actually have to:

- Open Information Gathering > WMI Scanner
- run "netscan"
- There you find the "/erp/it_mainframe" path
- Now open "Network Intrusion" > "Password Attack"
- Enter HOST: "/erp/it_mainframe" with user "bchambers"
- Check "John the Ripper" and click START

Too many egos make for a poor community experience guys. Thanks to those that tried to help! Hope this helps someone.

NewbNinja