Active any hints

I have the User. I am stuck with root. Please PM me with hints.

Enumerate those PIRNCIPAL things.

@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

Got root. Interesting machine. And a lot of things learned!
Thank you for the hints.

Hi all
Can anyone give me any pointers on getting root/admin access to this server. I have the user.txt already.
Thanks!!

@moony8272 said:
Hi all
Can anyone give me any pointers on getting root/admin access to this server. I have the user.txt already.
Thanks!!

Spoiler Removed - Arrexel

I hope this not spoil anything, good luck.

@mcruz said:

@moony8272 said:
Hi all
Can anyone give me any pointers on getting root/admin access to this server. I have the user.txt already.
Thanks!!

Helpful tools
Spoiler Removed - Arrexel

I hope this not spoil anything, good luck.

Thanks again!!!

Just rooted this box - This was a great box to learn on, and learned how to use some great tools. There’s enough hints on this thread to get you going but if anybody needs a little push PM me.

Root:: very , very nice box !!!

Got root. This box was pure ■■■■ for me, since I know very little about windows. I’ve discovered a lot and I’m very happy!

Nice :sunglasses:

Great machine! You really have to have the right versions of j*** or ht to proceed. Lost two days when my ht box died.

finally rooted… thanks for the creater. learn lots of new things. feel free to PM for hints

Besides looking at the obvious share, is the path to user in that share or is it something else or dependent on a specific tool?

Update – Okay, I’m a dumbass, it’s in there…

Awesome box, nothing out of this forum will u need to solve this box.

Thx, great box. All you need is all you have, yet.

Nice box, but struggle with the privesc part.

  • I’ve got user
  • Got some hash to crack
  • Cracking it in the latest version of h*****t will however give a Token length exception

update: looks like a bug in h*****t, an older version does the trick

AWESOME BOX! Gotcha ! for those who wanna get shell just use: without quotes
’ psexec.py domainname/user@machinename cmd ’ (It needs admin credential) or who do not wanna crack the hash you’ve found just pass the hash . Thanks creator of the box I’ve just learned new knowledge and thanks @stahaa for your helpfulness.

I have the initial creds have read a lot about the service and the documented *****roasting attack … but how do I connect to the box?? I have no experience with AD systems.

I have an idea what the service is and what to do but i dont know how to connect or even interact with the service. Can someone please pm and Nudge me in the right direction?

pm me if anyone need help

Rooted :smiley:
Quite a step up after Jerry. Learned a lot.

So i got the what i need for root but i cant find any way to crack it! Tried the cat and the ripper both are giving me all sorts of errors … Any kind soul can help out?