Active any hints

Looking for some tips in PMs for root to go over specific fine details and determine if my tools/libs are messed up, or if I’m using them in the wrong way. Thanks

Anyone able to give good research topics for root? I think I know that I need to go after K*****s T****t but can’t seem to find any good resources for that with Kali.

@Shank3r26 said:
Anyone able to give good research topics for root? I think I know that I need to go after K*****s T****t but can’t seem to find any good resources for that with Kali.

I have been working on it as well, but to no avail. Just went back to the beginning of this thread and found out that the attack I’m using doesn’t work haha

@Shank3r26, as cyb3rsinn3r linked above, the three posts on room362.com got me through PE. There are three posts total, and they go through the process for a variety of tools. I also used just one tool listed there.

@Underworld said:
I got the clock skew issue too! It’s when your local clock date in Kali is quite different from the remote machine. I set my Kali Date/Time zone to be automatic and from the internet (it was way off). That fixed it

Thank you! That solved my issue …
Also, thank you @Mapperist. Your post helped a lot.

Anyone struggling with PE should read cyb3rsinn3r’s post above. It shall lead you to root.

Rooted… thanks to @mez0 and @0zcool … I have learned a lot from this machine… and nice forum …

Literally stuck on Priv Esc, using I******t but it keeps on failing. Any nudge (PM) would be nice.

I just got the user… :slight_smile: I had tried and troubled around like crazy. I was trying much too hard and I was thinking it’s hard, but it’s not; you just need to pay a bit of attention… I was using 2 tools at the same time to make more sense of it: 1: sp to make sense and s***t to get the user. It’s very easy to get the user if you pay a bit of attention. Now let’s try root, enjoy :slight_smile:

Whew finally got root 2 days after user, was harder and had to piece it all together. Good times

Can anyone help me please? I found a username and password in an xml file. I cracked the password and I logged in to S**, but I can’t find any file user.txt and root.txt. I searched all directories. PM me if you can help me :frowning:

Good fun, learnt a lot. Two things that helped me with root

Impacket

and

About Kerberos Principals and Keys gave me a sudden light bulb moment.

Not sure where I am going wrong trying to download ***.dit something, getting ERROR_DS_DRA_BAD_DN… I have the account, enumeration. Please PM me or let me know if anyone is around

Got user (with I think a workaround) but is it just me, or isn’t it possible to get a shell on the machine?

@vertering … I never tried with the user account, but with the admin it’s quite easy if you are using the well documented tools. This was a really well thought out/relevant box. One tip, whilst the box itself isn’t too hard (plenty of resources explaining this type of attack) I spent most of my time getting my tools installed/working … had issues with libraries and missing modules. Good luck all.

Rooted.

For PE focus on K****s and get the "IOUDJSOWRIUJISY)(UEPJA"
Then used ha
hc
t to get the password.

Hi,
I’m stuck! I need some hint on Priv Esc. I got a ticket that I’m trying to crack; am I on the right path? Feel free to PM

@Dracarys13 said:
Hi,
I’m stuck! I need some hint on Priv Esc. I got a ticket that I’m trying to crack; am I on the right path? Feel free to PM

You’re on the right path for sure, use hashcat though (rockyou.txt and best64.rule)

User was easy, root was somewhat less easy but made me dive into several tools again that I had forgotten. I knew what to do but did not think of ripping the plastic off of my magnum so I ate the wrong one at first. Cool box to get back on after 6-8 weeks not htb-ing a lot.

One of the things I encountered, in case anyone else has this, is that, when using im*******, the tools and commands I was using were right, but the tool didn’t display the results, so I thought it wasn’t working and went back to researching and trying other things. A couple of days later I went back and tried the original stuff again, but this time specified an output file. As soon as I did I got the hash I needed and expected to get the whole time. Not sure why that was the issue, but it misled me into thinking I was doing the wrong thing. Lesson learned!

Rooted :wink: