Forest

2456739

Comments

  • edited October 2019

    user ok
    Can I get a hint about root ?

    Thanks

  • Spoiler Removed

  • edited October 2019

    Hey, I managed to get a valid user with a valid password, but i don't know how to use it

    Any hints?

    Tryed to enum all the ports/services but can't found a way to use it.

    EDIT: Gotcha, I'm retarded

  • That was an interesting journey to user nice trick to the tool belt thanks authors

  • Managed to get 6 usernames, but still unsure what to do with them. I'm not really familiar with windows boxes :(

    Vex20k

  • I managed also the get usernames via some scripts (e4lx)

    But I don't know how to get a working password for the users.

  • Like many here, found a list of users but don't know where to go from here, any hints?

  • can anyone nudge me on user. I have 6 users one password for one of the users but not sure where to go with it. have been playing with smb but getting no joy. Please send me a message if you can nudge :)

    Hack The Box

  • edited October 2019

    s

  • Type your comment> @Dec0ne said:

    Like many here, found a list of users but don't know where to go from here, any hints?

    I"m in the same boat. i have no idea what to do against AD, it's a newer thing for me and I'm really weak at it. Even just some articles to read would be helpful!

  • Geez, either this PrivEsc is no joke or I'm missing something blatantly obvious. Hoping it's the former because I feel stupid, lol.

  • Spoiler Removed

  • edited October 2019

    Spoiler Removed

  • So far Priv is so hard for me

  • I got credentials but have still not find out how to use it to get inside.

    If anybody will give me a nudge on this, please DM me. Thx.

  • Any hints on where to look for passwords? I too have found the usernames.

  • enumerated the users but didn't get any passwords or ideas to move forward... Any hints on DM are appreciated thanks

  • edited October 2019

    Just rooted and it was a quite amazing box!
    Hints:

    Initial: Run Basic enumeration scripts

    User: Impacket

    Root: The "Dog" will do the trick!

  • *Spoiler Removed*
  • Hard box for me but I was able to grind it out and learned a ton. Thanks @egre55 @mrb3n

    If you're not familiar with this stuff (like me), you'll be doing a lot of reading. For user, search for attack checklists and work through the possibilities. For root, looking at walkthroughs of retired HTB boxes may help.

  • Got user.txt, but no idea regarding Priv Esc :(

  • Type your comment> @naveen1729 said:

    Hard box for me but I was able to grind it out and learned a ton. Thanks @egre55 @mrb3n

    If you're not familiar with this stuff (like me), you'll be doing a lot of reading. For user, search for attack checklists and work through the possibilities. For root, looking at walkthroughs of retired HTB boxes may help.

    Could you possibly mention which retured HTB boxes you are refering to? :)

    Hack The Box

  • @rbt said:
    Type your comment> @Davincible said:

    @rbt no to capture hashes

    thanks for the hint. got it

    Can you DM me on how you captured the creds pls? Or maybe you have guide on how to do this in generall

  • can anyone point out some specific tools or would that be a spoiler?

  • edited October 2019

    @Digsy said:
    Type your comment> @Freak2600 said:

    I used sparta and got the list of users. Still dont know what to do with them though.

    Same I managed to get a list of users but I have no idea what to do with them

    i have manged to get usernames via smb enumusers, but im little stuck on the way forward, any help to point me in the right direction

  • I'm stuck on creds. get a valid login-pass but couldn't find where to use it. I tried modules like p***c, w*****c and other from the tool, but get permission denied. could someone give a nudge?

  • Only managed to get the usernames too,stuck on the way forward.
    Someone care to point me in the right direction🤷🏾‍♂️
  • edited October 2019

    @3XsAGbKHsb7FPY said:
    I'm stuck on creds. get a valid login-pass but couldn't find where to use it. I tried modules like p***c, w*****c and other from the tool, but get permission denied. could someone give a nudge?

    Im on the exact same spot !
    I dont know if we need to find another user/pass... It looks like our user is at a very low privilege.

    Edit : Nvm, had connection issues.....

  • Type your comment> @Crafty said:

    @3XsAGbKHsb7FPY said:
    I'm stuck on creds. get a valid login-pass but couldn't find where to use it. I tried modules like p***c, w*****c and other from the tool, but get permission denied. could someone give a nudge?

    Im on the exact same spot !
    I dont know if we need to find another user/pass... It looks like our user is at a very low privilege.

    same.
    Thanks to Dreadless, i got the pass.
    I like the box on terms of how many new tools i come across :D
    But stuck again. tried so many things, but none worked. Maybe i just need to pause a day or so.

    Does anyone has good articles of Windows pen testing? I only come across the same old exploit again and again...

  • edited October 2019
    Type your comment> @minimal0 said:
    > Type your comment> @Crafty said:
    >
    > (Quote)
    > same.
    > Thanks to Dreadless, i got the pass.
    > I like the box on terms of how many new tools i come across :D
    > But stuck again. tried so many things, but none worked. Maybe i just need to pause a day or so.
    >
    > Does anyone has good articles of Windows pen testing? I only come across the same old exploit again and again...

    Guys to use p****c or w****c you need writable C$ or ADMIN$ share!
    Check the ports again, one of them can give you a shell if you have a set of valid creds!
Sign In to comment.