Active any hints

Scratch that…I used something else and it cracked in under 5 seconds.

Got root! Second Windows box I’ve done…very cool.

@sheepkiller said:
Hello everyone, if you are having issues with the typical tools mentioned in this forum to connect to the service, it’s probably a misconfiguration with your Kali smb.conf file. Here is what I did to fix it:

nano /etc/samba/smb.conf

// In the file, I added the following in the [global] section
client min protocol = SMB2
client max protocol = SMB3

sudo service smbd restart

Thank you for this, I wasn’t getting anything until I saw this.

@Moliata said:
I spent hours and my brain is washed. I was just trying my first box. Is it related to SMB? Thanks.

yeah but ill say for first box start jerry! i think is one of the easiest box here i started with nibble but asoon as i was able to get some where it got retired

@ssh3ll said:

@sckull said:
I have the pass GPP but not found the user.
i need help xd

sure you didn’t find it? ^^

I found the userName but not work :d

I have the User. I am stuck with root. Please PM me with hints.

Enumerate those PIRNCIPAL things.

@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

Got root. Interesting machine. And a lot of things learned!
Thank you for the hints.

Hi all
Can anyone give me any pointers on getting root/admin access to this server. I have the user.txt already.
Thanks!!

@moony8272 said:
Hi all
Can anyone give me any pointers on getting root/admin access to this server. I have the user.txt already.
Thanks!!

Spoiler Removed - Arrexel

I hope this not spoil anything, good luck.

@mcruz said:

@moony8272 said:
Hi all
Can anyone give me any pointers on getting root/admin access to this server. I have the user.txt already.
Thanks!!

Helpful tools
Spoiler Removed - Arrexel

I hope this not spoil anything, good luck.

Thanks again!!!

Just rooted this box - This was a great box to learn on, and learned how to use some great tools. There’s enough hints on this thread to get you going but if anybody needs a little push PM me.

Root:: very , very nice box !!!

Got root. This box was pure ■■■■ for me, since I know very little about windows. I’ve discovered a lot and I’m very happy!

Nice :sunglasses:

Great machine! You really have to have the right versions of j*** or ht to proceed. Lost two days when my ht box died.

finally rooted… thanks for the creater. learn lots of new things. feel free to PM for hints

Besides looking at the obvious share, is the path to user in that share or is it something else or dependent on a specific tool?

Update – Okay, I’m a dumbass, it’s in there…

Awesome box, nothing out of this forum will u need to solve this box.

Thx, great box. All you need is all you have, yet.

Nice box, but struggle with the privesc part.

  • I’ve got user
  • Got some hash to crack
  • Cracking it in the latest version of h*****t will however give a Token length exception

update: looks like a bug in h*****t, an older version does the trick

AWESOME BOX! Gotcha ! for those who wanna get shell just use: without quotes
’ psexec.py domainname/user@machinename cmd ’ (It needs admin credential) or who do not wanna crack the hash you’ve found just pass the hash . Thanks creator of the box I’ve just learned new knowledge and thanks @stahaa for your helpfulness.