Forest

191012141539

Comments

  • Type your comment> @7h3B4dg3r said:

    Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
    Because I found an interesting privesc method, but I need to login to use it and I can't find a way to do it. It could be useful to know if I'm losing time or not.

    I used both of them. Using remote tool was the last step.

    bumika

  • can any one help me on PrivEscl using Powshel script. do i need to use old vrzon of H.exe tool as i alwuz get error

  • use whatever whatever version you have installed on kali. easier.

  • Type your comment> @bumika said:

    Type your comment> @7h3B4dg3r said:

    Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
    Because I found an interesting privesc method, but I need to login to use it and I can't find a way to do it. It could be useful to know if I'm losing time or not.

    I used both of them. Using remote tool was the last step.

    Just to be clear: you managed to login with a user you created on the domain, right? Not just the user needed for the initial foothold.
    Thanks.

  • Type your comment> @7h3B4dg3r said:

    Type your comment> @bumika said:

    Type your comment> @7h3B4dg3r said:

    Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
    Because I found an interesting privesc method, but I need to login to use it and I can't find a way to do it. It could be useful to know if I'm losing time or not.

    I used both of them. Using remote tool was the last step.

    Just to be clear: you managed to login with a user you created on the domain, right? Not just the user needed for the initial foothold.
    Thanks.

    Absolutely.

    bumika

  • edited November 2019

    Hello to everyone.
    Im kinda stuck, cause I can't get output from Sharp or Blood even with specified domain/ldap port/domain controller and over also Ive tried exec bypass, with no results.
    What should I use instead of Evil and any advice will ve apreciatable; thx

    EDIT: got root, it was cool but no way easy)

    bravo to egre55 & mrb3n

  • who is redman? i am henk :D

    windows 7 is my rig :) if it can't be done on windows, i fail.

  • q1Zq1Z
    edited November 2019

    Absolutely stuck with root, help plz :) done all recon, got user, got users tgt for user....

    got root, looot of thanks to @arale61

  • Anyone able to give some tips on root :)?

  • edited November 2019

    Spoiler Removed

  • edited November 2019

    Spoiler Removed

  • Type your comment> @CLQWN said:

    Anyone able to give some tips on root :)?

    Explore different groups in the domain and how they are connected to each other ;)

    Arrexel

  • I could use some help. I'm having difficulty finding the hash for the users that I was able to retrieved. I've tried every single tool in the Im*****t arsenal but no luck and the earlier posts are not clicking with me. if someone could shoot me a pm to get me back on track that would be greatly appreciated.

  • edited November 2019

    I have found the Impacket scripts but they don't work. I get:

    SessionError: KDC_ERR_PREAUTH_FAILED(Pre-authentication information was invalid)

    or

    SessionKeyDecryptionError: failed to decrypt session key: ciphertext integrity failure

    I have read I need to sync time with the DC, how do I do this?

    I've already tried 'rdate -n forest.htb', which set the time but still the scripts don't work.

    Edit: nevermind, there was a problem with my syntax. Got a hash now ^_^.

  • Rooted after many days messing around with lots of different tools and scripts. So much wouldnt work 'out of the box' and I had to get some sanity checks to make sure I was on the right path as the way I ended up rooting it failed many, many times previously. Learned a lot so its great in that way but in no way is this an easy box, at least not compared to the other easy boxes.

  • finally got root, took me an entire week trying useless things and making small mistakes. this box frustrated me so much that it feels better than orgasm to beat it. feel free to pm for hints/nudges

  • edited November 2019

    edit: nvm

  • edited November 2019

    Edit: I am too quick to ask for help, I think I need read up on B****h***d for a bit and see how that helps.

  • PM for nudges.

  • Rooted and learned a lot about AD environments along the way.

    Feel free to PM for hints if needed.

    Hack The Box

  • I need help with root please, while collecting data I'm getting error with cert, even if I add switch to ignore it it does not work... any hint?

    Arrexel

    |OSCP|OSCE|

  • edited November 2019

    Update.. got it.

  • Pretty sure I am on the right track after getting User by trying to get one of the B****h***d ingestors onto the box but I'm struggling how.

    I tried E***-W**** and can upload using that but cannot execute any PS successfully.

    Can someone let me know what tool I should be using to upload/execute PS/EXE please?

  • Fellow Hackers, Just ran into a wall. I"m working with a python script that results in multiple DNS issues. I have all AD Info and played around with my host file. Still hitting a wall. Adjusting all parameters in the tool with diff -gc names diffrent -ns names. Will appreciate a nudge.

  • Got in with a new user, metasploit can't create a ticket. any nudge for a better tool?

    BadRain

  • Certainly was an enjoyable box. I had alot of rabbit holes that were nothing but extra studying about some tools that weren't needed :p for which I'm glad I went down.

  • Can someone who was able to get output form S***H****.ps1 DM me? Need a nudge. Cannot get any output after trying a multitude of parameters. Also the remote b*********-p***** script gives me a constant DNS timeout.
  • Type your comment> @bumika said:

    Type your comment> @7h3B4dg3r said:

    Type your comment> @bumika said:

    Type your comment> @7h3B4dg3r said:

    Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
    Because I found an interesting privesc method, but I need to login to use it and I can't find a way to do it. It could be useful to know if I'm losing time or not.

    I used both of them. Using remote tool was the last step.

    Just to be clear: you managed to login with a user you created on the domain, right? Not just the user needed for the initial foothold.
    Thanks.

    Absolutely.

    I managed to log in with that user (shame on me), and I gave it (what I think are) the right permissions to do the trick, but I get a "ERROR_DS_DRA_BAD_DN" error...
    Is there something wrong with permission or is it something else?

  • Type your comment> @7h3B4dg3r said:

    Type your comment> @bumika said:

    Type your comment> @7h3B4dg3r said:

    Type your comment> @bumika said:

    Type your comment> @7h3B4dg3r said:

    Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
    Because I found an interesting privesc method, but I need to login to use it and I can't find a way to do it. It could be useful to know if I'm losing time or not.

    I used both of them. Using remote tool was the last step.

    Just to be clear: you managed to login with a user you created on the domain, right? Not just the user needed for the initial foothold.
    Thanks.

    Absolutely.

    I managed to log in with that user (shame on me), and I gave it (what I think are) the right permissions to do the trick, but I get a "ERROR_DS_DRA_BAD_DN" error...
    Is there something wrong with permission or is it something else?

    Send a PM me.

    bumika

  • Type your comment> @bumika said:

    Type your comment> @7h3B4dg3r said:

    Type your comment> @bumika said:

    Type your comment> @7h3B4dg3r said:

    Type your comment> @bumika said:

    Type your comment> @7h3B4dg3r said:

    Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
    Because I found an interesting privesc method, but I need to login to use it and I can't find a way to do it. It could be useful to know if I'm losing time or not.

    I used both of them. Using remote tool was the last step.

    Just to be clear: you managed to login with a user you created on the domain, right? Not just the user needed for the initial foothold.
    Thanks.

    Absolutely.

    I managed to log in with that user (shame on me), and I gave it (what I think are) the right permissions to do the trick, but I get a "ERROR_DS_DRA_BAD_DN" error...
    Is there something wrong with permission or is it something else?

    Send a PM me.

    Nevermind I solved it.
    Thanks anyway. :)

Sign In to comment.