When attempting the Breaching Active Directory room on Tryhackme.com, do you get the following error: “systemd-resolve: command not found?” This is an error that I came across while developing a livestreaming walk-through for the Breaching Active Directory room (check out the calendar on the cyberspacemanmike.com homepage for more livestreaming events). Early in the hacking exercise, students must connect their AttackBox to Tryhackme’s Active Directory network. To accomplish this, aspiring hackers will need to configure DNS on their AttackBox such that it uses the Domain Controller of the Active Directory network as the Name Server. However, if you are using your own AttackBox over VPN and are running a recent version of Kali Linux and issue the following command:
[thm@thm]$ systemd-resolve --interface breachad --set-dns $THMDCIP --set-domain za.tryhackme.comYou will likely get the error: systemd-resolve: command not found (note that $THMDCIP denotes that it is a “variable,” ie the IP of the THM DC will be unique to your instance of the network). There are several work-arounds for this, including configuring DNS through the GUI, but let’s stay in the CLI and learn more about our linux system…
If systemd-resolve fails, we can sometimes use resolvectl instead. Both are part of the systemd suite of tools for managing system services, including DNS resolution. However, resolvectl is more of a user-facing tool for interacting with systemd-resolved, which is a system service responsible for DNS resolution, caching, and related network operations.
Systemd-resolve is a command-line tool that primarily provides information about the DNS configuration of the system, such as the DNS servers being used, domain names, and so on. It can also be used to set DNS server configurations temporarily.
Resolvectl, on the other hand, provides a broader range of functionalities for managing DNS configurations, including setting DNS servers, domain names, and other related settings. It serves as a more comprehensive tool for managing DNS configurations. Resolvectl builds upon the functionalities provided by systemd-resolve and offers additional features for managing DNS configurations.
It’s worth noting that resolvectl is part of the systemd ecosystem and relies on systemd-resolved for DNS resolution. If systemd-resolved is not running or not available, resolvectl may not function as expected. To check to see if it is running, use the following command:
sudo systemctl status systemd-resolvedIf it is installed but not active, you might consider enabling it:
sudo systemctl enable --now systemd-resolvedTL,DR: With all that being said, running the following commands worked for me and I was able to overcome the systemd-resolve: command not found error:
resolvectl dns breachad $THMDCIP resolvectl domain breachad za.tryhackme.com
Remember to replace the $THMDCIP “variable” with the IP listed under your instance of the THMDC. To ensure that the DNS settings were applied correctly:
resolvectl status breachadTo explicitly test DNS resolution, try using dig or nslookup:
dig @$THMDCIP za.tryhackme.comNote that trying to ensure that the DNS settings were applied correctly can sometimes return false negatives as the settings sometimes take time to evince. When in doubt, I recommend proceeding as if the DNS settings have successfully taken effect until you have conclusive evidence otherwise. If nothing else works however, consider editing /etc/resolv.conf manually. Add the following line:
nameserver $THMDCIPAt this point you should have overcome the “systemd-resolve: command not found” error! Check out the calendar on the cyberspacemanmike.com homepage for more livestreaming events. Thanks!