Forest

1161719212239

Comments

  • I've been bashing my head and keyboard a long time in the route for root.

    I got the evil to walk to the dog and found a path, been able to create an user, but then I'm stuck. Anybody I can PM for questions?

  • hi guys,
    this machine was a new experience for me, i learn more things.
    A special Thanks to Luemmel, chm0dx, dodosstuff
    ;)

  • Type your comment> @NewViking said:

    Tried ***Pwn.py, P*****change.py, nothing works....

    Same, got new user in groups. Can't do anything with it.

  • Got user, got the remote dog working, think i have found the path, got my user as close to the end of the path i can find but now i can not go any further, Can someone please pm me a hint?

  • can someone help me for initial shell? i alredy get the user and cred and now can't do anything with it.

  • Anyone for initial footholds in this box...I have only usernames..that's it....any help with the impacket

  • I have been stuck for a week now on Admin. Here's what I have so far: I have managed to use the remote python version of the dog for getting my graph, but I am not sure where to go from here. I think I see a path from svc-al to FOREST, but I am kind lost so I'd appreciate a nudge (more than anything I think I am suffering from tooling issues)

    I can't also run mimikatz on the box, any command fails.

    SIG

  • edited December 2019

    Can somebody pm me about root? I think i am on the right path, but still can't get it. Some hits would be very much appreciated!

    UPD. got root. it was easier than i thought. I enjoyed this machine, but it is so not an easy level.

    If anybody needs some hits, feel free to PM.

  • edited December 2019

    Finally got root, what a great box. 5 days straight of learning.

    If i could give one piece of info that i could not find easily was all commands people gave to get the time from the server did not match to my time, so clock_skew was killing me.
    This command worked for me
    net time -S 10.10.10.161 -U ""

    Happy to help with any hints needed

  • edited December 2019

    Am I supposed to brute force the hash? (At the last step) Because rock doesn’t pick that up.
    Nope, no bruteforce needed.
    Rooted, PM me for help. Definitely a difficult box.

  • Get root, this is never a easy box, but I learned a lot, great job for the creators of the box

  • Ugh, how do you get past the "Clock skew" issues?

    Hack The Box
    CISSP | eJPT

  • Got root! I agree this box is mis-rated as easy, if only f or the level of prerequisite knowledge.

    Feel free to PM me for help.

  • Stuck on root folks. Walk the dog, added what I needed to. But nothing is working still. any help?

  • Man, I'm stuck after days and reading all of this. I have two users, svc and h******s and only the latter seems to do anything with the dog. I see a route to admin (I think) but after reading through these comments I'm thinking I need to create a new user now? I'm not sure why or how - can someone help me out?

  • edited December 2019

    Wow. This is one of my favorite machines to be honest. VERY realistic, and definitely not an easy box!

    User: impacket and nmap?

    root: dog & impacket because it is not that easy.

    BTW, impacket has different versions, sometimes you may face an issue just because you are using one version instead of the other so keep that in mind.

    Good luck!

    Hack The Box

    OSCE | OSCP | CRTE | GPEN | eCPTX | CREST CRT | GDAT | eCPPTv2 | GWAPT | OSWP | ECSA (Practical)

  • Finally rooted. No way in hell this is an "easy" box, but what a ride! ^^

  • Can someone PM me to help me with root? I been stuck for about a week or so. I have a graph from the dog and believe I know the path to get where I need to be. I'm assuming I am stuck at trying to add another user?

  • Took me 8 days after user to get root and the hints in the forum are enough to get you there. I think there might be multiple paths on this one, but I suggest you not get bogged down in powershell.

  • Should I be using a password or a hash to create my user?

  • The dog is hungry and needs to be fed but the readily available instructions on getting the food to feed the dog don't work. Any help is appreciated!

  • this box was amazing! Thank you very much! more of that please. P.M. me if you need a nudge but study the graph, learn about what it actually means and google!

  • Can someone message me for some help? I'm stuck after making a new user...

  • Finally rooted, was a lot of fun and learning with Active Directory. Thanks to @NewViking and @instasec!

  • Is the ex*****e server a part of this?

  • Hey can somebody please give me a hint about the root part?
    Thanks

  • Well GD - Finally Rooted, millions of thanks to @FatPotato, @instasec and @Tiyeuse.

    This was my first box here and what a box! Took me about 5 days...thoughts:

    1. Tool for Enumeration: nmap and SPARTA!
    2. The imp can Get Users if you ask, then I'd feed those users to the cat!
    3. You'll need a way to get the hound on the right path. I found two ways - either a Sploit of Power or the evil win.
    4. Once you've found the path with the hound, you'll need a way to pwn his over ACLimated ass.
    5. Then his secrets can be dumped and he will be no more!

    I spent way to much time doing that and it's probably not even clever...give me a break my eyes are crossed from staring at this screen for so long.

    PM me if you need help.

  • root tips> @HeXN0P said:

    Can anyone please help about this error ?
    KRB_AP_ERR_SKEW(Clock skew too great)
    I'm currently using Manjaro distro. I can't find a way to set the time to match the server and the nmap take such a long time to run.

    @emptyArray said:
    Well GD - Finally Rooted, millions of thanks to @FatPotato, @instasec and @Tiyeuse.

    This was my first box here and what a box! Took me about 5 days...thoughts:

    1. Tool for Enumeration: nmap and SPARTA!
    2. The imp can Get Users if you ask, then I'd feed those users to the cat!
    3. You'll need a way to get the hound on the right path. I found two ways - either a Sploit of Power or the evil win.
    4. Once you've found the path with the hound, you'll need a way to pwn his over ACLimated ass.
    5. Then his secrets can be dumped and he will be no more!

    I spent way to much time doing that and it's probably not even clever...give me a break my eyes are crossed from staring at this screen for so long.

    PM me if you need help.

    help whit root please

  • edited December 2019

    Hey Guys, need a bit of help. Got users know which tool to use from previous boxes but for some odd reason when specifying domain and n-s argument I get this weird error:

    RemoteOperations failed: [Errno Connection error (FOREST:88)] [Errno 111] Connection refuse

    Did this for all enumerated users. Any ideas?

  • Can someone please help, stuck with Kerberos SessionError: KDC_ERR_WRONG_REALM(Reserved for future use)

Sign In to comment.