Active any hints

Rooted!

Like a lot of others have said before me I learned a lot from this box that I had not encountered much of previously.

If we could get more boxes that focused on real world scenarios that would be really appreciated.

hint pls PM, wondering a hint on how to get the correct type of aes key when priv esc ?

There is one tool not mentioned yet (I think) I would also recommend playing with - if only for the learning experience: ldapsearch.

It is not required to own the box but it can be helpful in the first priv esc steps. I think it is a good skill to learn to enumerate objects in AD from Linux without an ‘exploit tool’, just using ‘native browsing’. The way this box is set up (ports,…) allows you to do so!

Awesome Box ! Rooted !

@masuse said:
hi all - can anyone give me a dm for the hint i am having a user and its encrypted password perhaps but a bit lost, seems i am in the right direction. Thanks

Just decrypt it with a popular tool :)

by the way, don’t forget the correct parameter and common dict.

@takuma said:

@masusekhan said:
hi all - can anyone give me a dm for the hint i am having a user and its encrypted password perhaps but a bit lost, seems i am in the right direction. Thanks

Just decrypt it with a popular tool :)

by the way, don’t forget the correct parameter and common dict.

thanks. rooted yesterday itself. nice experience.

A good machine. Taught me some neat things about AD, how to wield a new set of tools, and general authentication methods in the Windows operating system.

Do I need to go beyond the Sc*** shell to get to root? I know I can do more research but everything I’ve read seems to say I need Powershell.

Thanks!

I guess someone maybe messes up the machine because I can get a shell with system permission.

Can anyone PM me with any hints on privesc?

Rooted! This box is awesome. Learned a lot!!

Feel free to PM if you need hints!

This is the box which really taught me lessons! was a very nice experience.

Thanks Rooted

ok, I know I can connect to a hidden share as anonymous, but this does not seem to do much for me… I suspect I need to connect as a user… where do I find the user/credentials? one of the other services like ldap maybe? please help :)

I know I can put files and get files also on this service, but I don’t know what to put or get, lol…

Hello,

I still didn’t get the initial foot in. I enumerated the server and found many services.
I can read that the first step is getting something from the S** service. I used many different tools such as e4x and sct or nlx, but they all return null results. I can’t enumerate anything further on this service.

Did you guys manage to enumerate it with tools normally?

Thank you and regards :)

found it! :)
finding which i could have read access to help.
this tool was great
smbmap

I need a nudge on getting user. I think I am looking in the right place, just need a nudge.

rooted, so much learning and so much i will be using for a long time!
thanks to @mcruz for pointing me in the right direction and thanks to Tim Medin for creating awesome lecture videos :)

Rooted! Thanks to 0zcool for help regarding using the command with the right parameter. This box taught me a lesson. It was fun. You don’t need a shell to get root.