Forest

145791039

Comments

  • edited October 2019

    Type your comment> @jkirsten said:

    Anyone able to help with a hint regarding user shell? I have credentials.

    Check @mcruz comment further up the page

  • I love these realistic machines. This was so much fun.

    For those trying to get a foothold, understand that this box is setup to be extremely real-world, as in, most corporate environments with this kind of technology are going to have this vulnerability. Admins don't always understand the security impacts of configuring certain types of accounts that you'll end up seeing with this box.

    If you happened to get a foothold on a corporate network but didn't have an account to do the more common attacks, what kind of attack can you carry out anonymously to get something that may give you access to an account?

    billbrasky

  • Stuck trying to get ha** for initial creds. Trying to use imp***** (G**NP*****) but keep getting an error (wrong_realm). I've had no previous experience with this, so am quite unsure what I'm doing - any help or nudges would be greatly appreciated!

  • Type your comment> @Cli3nt said:

    The problem is, that in the guides, they just transfer the sharp doggy to the target machine and then execute it, which creates a file. Neither my ps1-file nor my exe-file do anything (executed it from PS or via normal cmd).

    use the -ns

  • @suls said:
    Type your comment> @Cli3nt said:

    Not getting any output from the dog as well! Any ideas?

    Exactly the same place, found a differnt user to use cant find a way to use that user as a shell either from the box or via r***s from a windows box, tried py version of the dog remotely on both kali and linux but get

    The DNS operation timed out after 3.00061106682 seconds

    on both kali and windows, DNS and resolv setup correctly to point at the box so far as i can see, nslookup works ....

    use the -ns

  • Please stop resetting the machine all the time!

  • edited October 2019

    I've got user a while ago and working on root, from what I can gather there are a number of tools that I can use... and from investigation I can honestly say that the documentation associated with these tools fluctuates between non-existent, to borderline sh*te.

    edit That said with perseverance, and a lot of googling I've managed root

    Parttimesecguy

  • Type your comment> @HJFR said:

    Type your comment> @Cli3nt said:

    The problem is, that in the guides, they just transfer the sharp doggy to the target machine and then execute it, which creates a file. Neither my ps1-file nor my exe-file do anything (executed it from PS or via normal cmd).

    use the -ns

    -ns switch of the dog, or nslookup?

  • Type your comment> @garnettk said:

    Type your comment> @HJFR said:

    Type your comment> @Cli3nt said:

    The problem is, that in the guides, they just transfer the sharp doggy to the target machine and then execute it, which creates a file. Neither my ps1-file nor my exe-file do anything (executed it from PS or via normal cmd).

    use the -ns

    -ns switch of the dog, or nslookup?

    dog to force it to use the dns of the server instead the one in your machine.

  • Type your comment> @suls said:

    I dont think the inital user has execution rights

    I think it does. I can execute meterpreter payload to get a meterpreter session. But the same prompt doesn't return anything when i execute the sharp dog.

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • edited October 2019

    For anyone who is struggling with the Dog after initial user shell:

    go to Dog's GitHub Wiki page and check out "Connection Options"... you might find default setting don't suite your needs

  • I am trying to execute Sh********.ps1 to collect some data from e********m but i am getting no output. Can anyone help me?

  • edited October 2019

    Done and Dusted.

    A very straightforward box, thanks for this awesome box, @egre55 and @mrb3n

    Anyone having difficulties?, shoot me a DM.

    C:>whoami
    htb\administrator

  • Hey guys, I just rooted Forest, however I have some questions regarding this AD vulnerability.

    1. Is there any requirement (like a certain permission, which is necessary for the user) that I can execute the doge on the VM? Or is it just possible to do this in every Active Directory with AD default configuration.
    2. Only with hint, I got to use a certain python tool together with the doge, to go further and get the juicy data. Is there any indication like "if you see this certain structure in the doge result, then try to use this tool" or is it just like "if you can get the doggy file, then always fire up this python script".

    I would be glad, if somebody could answer. Feel free to PM, instead of comment, if you think it is necessary.

    Thanks!

  • edited October 2019

    deleted

  • @f3v3r , You need to import the ps module using 'Import-module SharpHound.ps1'.

  • Need help regarding the actual user shell.
    I've obtained a username and a password, but I've tried attacking all the ports I could find with a lot of the impacket execs (smbexec,psexec,wmiexec), and some metasploit things. The user just seems to have no access to anything meaningful? Appreciate either a DM or a hint here. I feel like I'm really close, but missing something silly

  • Absolutely amazing box! message me for help!

  • Type your comment> @LeonardLeonard said:

    Need help regarding the actual user shell.
    I've obtained a username and a password, but I've tried attacking all the ports I could find with a lot of the impacket execs (smbexec,psexec,wmiexec), and some metasploit things. The user just seems to have no access to anything meaningful? Appreciate either a DM or a hint here. I feel like I'm really close, but missing something silly

    re-enum :) there is something

  • Type your comment> @LeonardLeonard said:

    Need help regarding the actual user shell.
    I've obtained a username and a password, but I've tried attacking all the ports I could find with a lot of the impacket execs (smbexec,psexec,wmiexec), and some metasploit things. The user just seems to have no access to anything meaningful? Appreciate either a DM or a hint here. I feel like I'm really close, but missing something silly

    If you don't know the tool you will never find this, check @mcruz comment on the previous page

  • I did not need to use that dog tool to get root. PTH' in the house. Going to work on learning a little more. It sounds like this is the perfect time to set up that Windows Vm to learn working with that other tool so I will be do that as well. Thanks to the creators. Shout out to @egre55 who is probably my favorite box maker.

    tobor
    Gods make rules. They don't follow them

  • Without a doubt the hardest one I've done so far. Very little experience with windows. Needed alot of help with this one, but hopefully I learned something. Did not even have fun with this box, since there were only a few things I figured out by myself and not looking at some tutorial or asking someone on the forum. Thanks to all those who helped.

    Blaudoom
    Discord: Blaudoom#1254

  • why is my evil program not working? but msf module can log in with creds? same for msf module on RCE that wont connect either?

  • edited October 2019

    Normally don't comment. Really stuck on this one.. Used nmap s*b****u**s.n*e to get users. Not sure if I'm missing some or what, but I can't get the impacket scripts to work without passwords. Banging my head against the wall.

    EDIT: Was totally missing users. All good now.

  • Got user. Could anybody give me some hints on root? That drives me nearly crazy. Plz PM me.

  • edited October 2019

    Type your comment> @suls said:

    Type your comment> @LeonardLeonard said:

    Need help regarding the actual user shell.
    I've obtained a username and a password, but I've tried attacking all the ports I could find with a lot of the impacket execs (smbexec,psexec,wmiexec), and some metasploit things. The user just seems to have no access to anything meaningful? Appreciate either a DM or a hint here. I feel like I'm really close, but missing something silly

    If you don't know the tool you will never find this, check @mcruz comment on the previous page

    I did see it previously, but I couldn't figure out what "EVIL" meant

    EDIT: Nevermind, found it. But now I'm confused as to why all my other tools failed. What made this tool special?

  • Root Is driving me crazy. I used S********d and gives me a path throught a user x***n that does not exists. Is this Path even right?

    Hack The Box

  • Spoiler Removed

  • edited October 2019
    @Nikolay167, specify the complete path of the ps file.

    My bad for the incomplete info :/
Sign In to comment.