Forest

1192022242539

Comments

  • I got the user credentials but i'm stuck on root tried S****H**** and i couldn't find any path that would help me.
    i'm sure that i'm missing something , but for the first machine i think that i did well getting the user credentials by myself. it's been 4 days, and i really want the answer.
    if can someone PM me with a hint it will be appreciated.

  • Type your comment

  • Hi,
    I have been stuck on root for week.
    Found the path, added the right D****c using Add-*******L to a new user, remote dumping secret doesn't work !

    Can someone PM me,
    H.

  • Can someone help me with finding the initial ntlm hash? I am not sure what I am doing wrong here

  • Type your comment> @fightnerd said:

    Can someone help me with finding the initial ntlm hash? I am not sure what I am doing wrong here

    Nevermind

  • edited December 2019

    Can someone assist me in one of the last steps regarding granting my user rights? I cannot seem to do it to save my life. I assume it's a syntax issue.

    EDIT: Nevermind. I was using the wrong account to run the command in the context of. I think I would have figured it out had I known the version of the powerful tool mattered when running on a remote linux box. I assuming running with runas on Windows wouldn't need it?

  • Lots of new tools learned on this one. Ty @FalseProfit for giving me the tiniest tip to push me to the end! /root

  • so long kerberos

  • I though this is easy T_T Can anyone guide me atleast with the tools huhu... PM Me :'(

  • Anyone available to discuss the final stages of root with me? I keep getting this error and I cannot get past it when using the cat.

    ERROR kuhl_m_lsadump_dcsync ; GetNCChanges: 0x000020f7 (8439)

  • edited December 2019

    Any nudge after cracking the user password?
    =>"Error: An error of type WinRM::WinRMHTTPTransportError happened, message is Unable to parse authorization header."<=
    Google doesn't help me too much..

    Edit: No need anymore... I was forcing evil connection on a wrong port..

    clarkkent

  • edited December 2019

    I can't get S****H****d.ps1 working in the e**l-W***M shell, PM me if you can help me

  • I dont know how to get into root .. PM Me if you can help me~

  • edited December 2019

    I found user s**-a*******, but i donot know how to root.
    I try to run the dog didn't find a path to attack, and the a******.ps1 didn't get useful information.
    who can help me ..

    edit: got it.

  • Also stuck at root, tried multiple combinations for p*ex******.py but getting connection refused everytime.
    Is the user s
    -a******* to be used for that?
    Thanks!

  • i'm only getting shell with evil-*****.rb and its unstable and slow af any suggestions?

  • Been enumerating found 2 domains SMB in the right direction? or think about other ports?

  • Hey all,
    My dog was working. But now
    When I try to walk the dog remotely, I get the following error:
    dns.resolver.NXDOMAIN: None of DNS query names exist.

    Has anyone encountered this ? How did you resolve it ?

  • Type your comment> @inertia said:

    Hey all,
    My dog was working. But now
    When I try to walk the dog remotely, I get the following error:
    dns.resolver.NXDOMAIN: None of DNS query names exist.

    Has anyone encountered this ? How did you resolve it ?

    Never mind . Got help from @mswdr2 !
    Now onto a timeout issue !

  • edited December 2019

    I would appreciate if someone could assist me with some evil syntax. It seems straightforward, so I think I'm missing something else.

    got it, thanks to my own sanity check.

  • edited December 2019

    Hey, first post here, currently trying to figure out how to escalate privileges and am currently stuck on getting either "d****s.e" or P****V***'s command "A-O*******L" to work. The former upon invocation gives me the following error

    00000005: SecErr: DSID-03152870, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    Insufficient Rights

    the latter in turn tells me it cannot

    CommitChanges ... A constraint violation occurred

    Any hint would be greatly appreciated! Thanks a lot and merry christmas!

    EDIT.: Just managed to root the box. The commands I used were actually the right ones, I had simply overlooked the difference between "M******f" and "G********l" in B********d.

    Arrexel

  • This box required a lot of research I must say. At the end of it, I'm nowhere near understanding Windows AD but this was quite a step in that direction.

    Regardless, PM if you need a nudge.

  • So i have found users through kerberos

  • Anyone on to help with understanding next steps in getting root?

  • Type your comment> @FalseProfit said:

    Can someone assist me in one of the last steps regarding granting my user rights? I cannot seem to do it to save my life. I assume it's a syntax issue.

    EDIT: Nevermind. I was using the wrong account to run the command in the context of. I think I would have figured it out had I known the version of the powerful tool mattered when running on a remote linux box. I assuming running with runas on Windows wouldn't need it?

    I got the initial foothold using i*****t and e**-****m. I'm able to change s*******n's password using a remote RC client. When running runas from the shell provided by e***-****m I cannot enter a password, since the execution returns to the command prompt. Am I on the right path?

    I've been also able to create another user on the domain, but not sure if that's the path I should follow.

    Do I need to walk the dog before getting the user's flag?

    PS: I'm working from a Linux box, BTW

  • Can't get any output from SH and only get CSVs from BH. Can someone please help, been stuck on this for a while now.

  • Type your comment> @IdeaEngine007 said:

    @f3v3r , You need to import the ps module using 'Import-module SharpHound.ps1'.

    I get an error on this command

  • Type your comment> @jenco said:

    Been trying to execute B****H.exe or *.Ps1 but both just fail with out any output. could someone please DM Me. i'm using EW*** for shell. going crazy (loving the challenge, but hit a wall and i'm no longer learning) Please DM.

    did you solve the problem? I get an error

  • Finally got root !!! Thanks to @gverre for the step i missed and the authors for this amazing machine ! Feel free to DM if you need help

  • anybody else getting a bunch of errors when running enum4linux?

Sign In to comment.