Active any hints

Finally rooted. Learned a lot from this. Great box!

Finally Rooted! Good machine with some new tools and new concepts to grasps

Any one care to PM me on priv esc. Really only looking for a Google query. I know what service to exploit via the user name and I know what I’m trying to get so I can decrypt and get a password but my Google Foo has been weak the past couple of day. Any help would be appreciated. Respect will be given.

Just got priv esc! Amazing box, Please HackTheBox keep these realistic environment boxes coming :slight_smile:

If anyone needs any help drop me a pm.

@mitm3r said:

@meni0n said:
I don’t understand why my enum is not working. I talked to another person and their s**client was working fine but I keep getting connection reset all the time…

Try Linux file manager

Thanks… I rooted the box. The issue was with Kali linux… for some reason the s**client from 2017.2 wouldn’t work with this box… I had to use a 2018 version

Can someone drop me a hint please? I got user, but got stuck with root, I think I’ll need to use impacket but not sure how. Thanks

everyone mentioned in impacket
but i can use Metasploit instead of impacket :slight_smile:

Man, did I learn a lot on this box. Most importantly, make sure you are connected to the VPN when you’re testing ■■■■. lol. Seriously though I can give suttle hints if you need them. Just PM me.

Finally got root!! This machine made me a headache at root part =S. A one need to know the tools to get it or you will spend a lot of time to get nothing ^^.
Thanks to @TheInnocent I got root part.
I would glad to help with your questions ! PM

So I’m having some issues getting started. I’ve read all the comments here and nada. I’m trying my hand in security research and i completed the Jerry Box. If anyone would let me pick your brain that would be helpful.

hi all - can anyone hive me a dm for the hint i am having a user and its encrypted password perhaps but bit of a lost, seems i am in a right direction. Thanks

so now i can dump all users but getting errors to execute any commands via same method…

Rooted PM if anyone need helps.

I need some help on the end stretch, I have the decoded password for the priv account. When I try and connect to the shares using that user and pass it wont go through. How do I connect back to start looking into folders using my new user / pass combo?

Rooted PM if anyone need helps.

started to work on this machine yesterday, took half an hour to own user but a bit of google on root path, nice learning experience and this machine takes me to the next level in the ranking.

Little problem i faced which might get solved by resetting the machine before connecting to get the root flag as the tool i was using was through connection reset errors so in a matter of hurry :slight_smile: i went to psexec and pwned via meterpreter. anyone here to DM on how they connect with the service by using privilege credentials?

@mcruz
what dictionary did you use for the krb*** hash ? i tried rockyou with hashcat but it didn’t find anything

UPDATE:‌nvm i got it

Rooted!

Like a lot of others have said before me I learned a lot from this box that I had not encountered much of previously.

If we could get more boxes that focused on real world scenarios that would be really appreciated.

hint pls PM, wondering a hint on how to get the correct type of aes key when priv esc ?

There is one tool not mentioned yet (I think) I would also recommend playing with - if only for the learning experience: ldapsearch.

It is not required to own the box but it can be helpful in the first priv esc steps. I think it is a good skill to learn to enumerate objects in AD from Linux without an ‘exploit tool’, just using ‘native browsing’. The way this box is setup up (ports,…) allows you to do so!