Active any hints


Comments

  • > @Vex20k said:
    > I found some credentials, decoded them, but I can't seem to find the place to use them. Could someone give me a nudge?

    PM if you are still stuck
  • If you found the credentials but don't know where to use them, maybe sit down and think what you'd do if you were a legit user on a Linux workstation in an AD environment and were trying to access shared resources.

  • Any pointers on priv escalation greatly appreciated

    Parttimesecguy

  • edited July 2018

    Spoiler Removed - Arrexel

  • edited July 2018

    I don't want to give spoilers, but hopefully a nudge for anyone looking for Priv Esc. Went down the same route as most but saw the announcement about the patch for that vulnerability being deployed. Went back to basics, in the end, all I needed was on the Kali distro already, there are good examples. It's all about Getting to the Principal of the matter

    R3s0lve

  • edited July 2018

    Spoiler Removed - Arrexel

  • @JunGLeJuiCe OK, got root. Typo error with good examples that I've already tested...

  • Fun box, I wonder how many people rooted it prior to the patch applied... Got to use some more new tools and learned a little more about active....

  • And this box is meant to be easy.... :astonished:

  • edited August 2018

    @nullsession0x said:
    Spoiler Removed - Arrexel

    right place, look harder :)

    lahirukkk

  • I've found creds and decrypted password, what tool would I need to use to get a shell on the box? I've tried smbclient and pth-winexe to no avail

  • @nullsession0x said:
    I've found creds and decrypted password, what tool would I need to use to get a shell on the box? I've tried smbclient and pth-winexe to no avail

    Maybe you don't need a shell. Look at the info you have and google it a bit.
    This box was patched for MS14-068, meaning that the intended path may not need an 'exploit' per se. It's a legit pentesting method, just think about the principal of the matter. ;)

    Rantrel
    ~|OSCP|~

  • Finally got root thanks to JunGLeJuiCe's tip. If anyone needs hints, PM me. It was a fun box indeed, learned a lot. Windows machines are always tricky and fascinating.

  • I get what I need to look at for getting root thanks to the hints here, but I'm struggling to find decent reading material to learn how to perform the steps. Could someone PM me some articles or something to help me better understand?

    Largoat

  • I spent hours and my brain is washed. I was just trying my first box. Is it related to SMB? Thanks.

  • edited July 2018

    Got root... would say that very good hints are already provided here for both user and priv esc.

    ninpox

  • > @Moliata said:
    > I spent hours and my brain is washed. I was just trying my first box. Is it related to SMB? Thanks.

    This is not a good first box unless you already know AD, and have experience in mixed AD-Linux environments.
  • Got root) if someone needs a hint pm me

  • Got root, very interesting machine. As people have said, it is very real, and the fact that it is on Windows makes it better. Thanks to @n01n02H for all the help. PM if you need any hint!

  • I confirm @Blastware's comment, got Domain Admin this way during a pentest at my office.

  • I don't understand why my enum is not working. I talked to another person and their s**client was working fine but I keep getting connection reset all the time...

  • edited August 2018

    In reply to @mercwri:
    Which box do you recommend to start with?

  • edited August 2018

    Anyone able to give me any hints on getting the root flag?

  • Also I don't know why people remove my comments as spoilers! It's about helping people

  • can't manage how to use john to do the job

  • @Moliata said:
    In reply to @mercwri:
    Which box do you recommend to start with?

    Perhaps for a start you should have a glance at Jerry. It's also recommended to work with the retired machines, as good write-ups and videos are available directly on the machine's profile page, or you may ask aunt Google. You can learn a lot from these.

    hopihallido

  • Cracking at 407.1 kH/s - Does anyone wanna give me a hand in regards to what wordlist to use? :)

  • Great box, really enjoyed it. Lots learned. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were:
    Nullinux - https://github.com/m8r0wn/nullinux
    CME (CrackMapExec) - https://github.com/byt3bl33d3r/CrackMapExec
    ImPacket - https://github.com/CoreSecurity/impacket

    Enjoy

  • @seiyathesinx said:
    can't manage how to use john to do the job

    You might need a bigger version of John.
