Sauna

Starting the thread for this new Windows box from none other than the machine approving man @egotisticalSW himself

«13456722

Comments

  • Hype Train Incoming!

    image

  • edited February 15

    I bet first blood on 27 mins...

    OBV NOT FROM ME

  • Type your comment> @davihack said:

    I bet first blood on 27 mins...

    OBV NOT FROM ME

    Hahahaha you know it

    • Stay hungry
  • I bet first blood on 27 mins...

    OBV NOT FROM ME

    perhaps even faster, box name and icon is revealing too much

  • instructions unclear. Put my PC in a sauna.

  • Damm, I'm ready!!!

    ++++++++++++++++++++++++++++++++++++++++++++++++++

    Str0ng3erG3ek

    +respect me if I helped you :}

  • roast that dog lol

    Arrexel
    OSCP | I'm not a rapper

  • first blood and i'm not even finished scanning.

    image

  • Got a website and potential usernames, but nothing else

    Hack The Box

  • no particular information regarding the classic enumeration, the null sessions seem not to work. Maybe the only solution is to study the website and think of a rev shell but it's all very slow :cold_sweat:

  • edited February 15

    User Blood : InfoSecJack 00 days, 00 hours, 17 mins, 42 seconds.
    Damn how you guys make it so fast??? :smile:
    Congrats!

    Hack The Box

  • LOL This scan is taking painfully long time. Nmap says that it's one hour remaining in my case. Is this machine under THAT much load right now?

  • Type your comment> @Bl4ckB0y said:

    LOL This scan is taking painfully long time. Nmap says that it's one hour remaining in my case. Is this machine under THAT much load right now?

    I often can't even connect to the box.

    FlatMarsSociet

  • edited February 15

    Machine is working fine for me on EU Freem but so far its really kicking my ass for an easy box lol can't get an initial foothold at all.

    Found plenty of open ports but absolutely nothing useful on any of them other than the domain name. Studied all the source code and HTTP requests on the website and got nothing useful, no anon access to SMB or anything else, and even though I can get some very basic info from L*** I can't actually get any usernames or anything interesting. Dirbuster didn't find anything on the website either and its all just plain HTML with no javascript to look at or anything like that, so I'm pretty stumped and might have to resort to just throwing random impacket scripts at it lol

  • Type your comment> @VbScrub said:

    Machine is working fine for me on EU Freem but so far its really kicking my ass for an easy box lol can't get an initial foothold at all.

    Found plenty of open ports but absolutely nothing useful on any of them other than the domain name. Studied all the source code and HTTP requests on the website and got nothing useful, no anon access to SMB or anything else, and even though I can get some very basic info from L*** I can't actually get any usernames or anything interesting. Dirbuster didn't find anything on the website either and its all just plain HTML with no javascript to look at or anything like that, so I'm pretty stumped and might have to resort to just throwing random impacket scripts at it lol

    We took the exact same path lol - and I'm as stuck as you are. The website is empty, there's a form with an error message suggesting to try different request methods cause POST isn't allow but no luck, except for a little thing. But I don't think it is anything, it's just Windows IIS and I'm pretty tired. Maybe check it out ;)

    Hack The Box

  • same here bro! and for the rest of my team....

    madhack
    If you need help with something, PM me how far you've got already, what you've tried etc.
    Discord: MadHack#6530

  • Type your comment> @VbScrub said:

    Machine is working fine for me on EU Freem but so far its really kicking my ass for an easy box lol can't get an initial foothold at all.

    Found plenty of open ports but absolutely nothing useful on any of them other than the domain name. Studied all the source code and HTTP requests on the website and got nothing useful, no anon access to SMB or anything else, and even though I can get some very basic info from L*** I can't actually get any usernames or anything interesting. Dirbuster didn't find anything on the website either and its all just plain HTML with no javascript to look at or anything like that, so I'm pretty stumped and might have to resort to just throwing random impacket scripts at it lol

    I am in a very similar situation lol

    Hack The Box

  • Is the user H... S.... the good path?

  • Type your comment> @gverre said:

    Is the user H... S.... the good path?

    That's the only user I've found so I assume so, but trouble is I can't get anything more than his full name. Can't get username or anything like that

  • Found only one user and every tool related to the attack hinted in the website are not working...

  • LOL...I just started it, it hasn't been up for more than an hour and half, and the two bloods were taken already! damn!

    Hack The Box
    CISSP

  • Found user s..a, but don't see a way to utilize it

  • edited February 16

    Rooted ! :)

    Some hints :

    • For user : google "AD attacks" and try to find valid users
    • For root : basic enum and then check for AD rights

    PM if you need more help !

  • What? They can't print money? Guess that would be a RICO[h] act violation.
    (Inside job, er joke.)

  • Are you guys using a linux or a Windows attack box?

    FlatMarsSociet

  • kali here

    madhack
    If you need help with something, PM me how far you've got already, what you've tried etc.
    Discord: MadHack#6530

  • found one valid user but no roasting here

    Arrexel
    OSCP | I'm not a rapper

  • I got H*** S**** with an enum, but impossible to find his SID or his username... Any hints ?

  • Is AD atack is related to IPV6?

  • just observation... apart loren ipsum stuff there is also a bunch of random letters in tags. any use for them?

Sign In to comment.