Active any hints



  • Rooted..... thanks to @mez0 and @0zcool .... I have learned alot from this machine... and nice forum ...

  • Literally stuck on Priv Esc, using I******t but it keeps on failing. Any nudge (PM) would be nice.


  • I just got the user... :) I had tried and trouble around like crazy I was trying to much harder and I was thinking it's hard but it's not, you just need to pay a bit attention... I was using 2 tools in the same time to make more sense to understand 1: s****p to make sense and s*******t to get the user, it's very easy to get the user if you make a bit attention, now let's try root, enjoy :)
  • Whew finally got root 2 days after user, was harder and had to piece it all together. Good times

  • can anyone help me please I found username and password in xml file i cracked password but and i logged in to S** but i can't find any file user.txt and root .txt i searched all directories PM me if you can help me :(

  • Good fun learnt alot. Two things that helped me with root


    and gave me a sudden light bulb moment.

  • Not sure where I am going wrong trying to download ***.dit something getting ERROR_DS_DRA_BAD_DN...I have the account, enumeration please PM me or let me know if anyone is around


  • Got user (with I think a workaround) but is it just me, or isn't it possible to get a shell on the machine?

  • @vertering ... I never tried with the user account, but with the admin it's quite easy if you are using the well documented tools. This was a really well thought out/relevant box. One tip, whilst the box itself isn't too hard (plenty of resources explaining this type of attack) I spent most of my time getting my tools installed/working ... had issues with libraries and missing modules. Good luck all.


  • Rooted.

    For PE focus on K******s and get the "IOUDJSOWRIUJISY)(UEPJA"
    Then used hahct to get the password.

  • Hi,
    I'm stuck ! I need some hint on Priv Es. I got a ticket that I'm trying to crack ? am i on the right path ? feel free to pm

  • @Dracarys13 said:
    I'm stuck ! I need some hint on Priv Es. I got a ticket that I'm trying to crack ? am i on the right path ? feel free to pm

    You're on the right path for sure, use hashcat though (rockyou.txt and best64.rule)

  • User was easy, root was somewhat less easy but made me dive into several tools again that I had forgotten. I knew what to do but did not think of ripping the plastic off of my magnum so I ate the wrong one at first. Cool box to get back on after 6-8 weeks not htb-ing a lot.


  • One of the things I encountered, in case anyone else has this, is that, when using im*******, the tools and commands I were using were right, but the tool didn't display the results, so I thought it wasn't working and went back to researching and trying other things. A couple days later I went back and tried the original stuff again, but this time specified an output file. As soon as I did I got the hash I needed and expected to get the whole time. Not sure why that was the issue but it misled me into thinking I was doing the wrong thing. Lesson learned!


  • @otherwhich1 Thank you! I read through that several times but couldn't figure out how to do it from my current box. I was overlooking one of the tool!

  • KyyKyy
    edited September 2018

    Hi, I need help wit the root. I think I got the right tool from i*****t but I just wont get it to work. Could some one PM me? Thanks.

    EDIT: Got the root now. Made things way too complicated to my self when was too tired. Remember to take brake occasionally guys!

  • finally rooted :)
    Big thanks to @asifsohail and @opt1kz

  • PM me for any hints

  • Anyone any suggestions for a good windows box (beginner-intermediate level)?
    Apart from Jerry and Bounty

  • Great machine ! Thanks to @eks and @mrb3n for this one !

    All the hints on this thread will help you to "root" this machine without too much difficulty.

  • is there something up with one of the flags? I'm copying it in but it says its incorrect..

  • for anyone stuck on this box my three hints are syntax,syntax,syntax

  • Uffff! I got this box after some days working on it. A lot of things to learn about looking for and getting the proper resources and tools to get the job done. Nice machine.


  • Going mad about finding the right wordlist for the final hash... Any hint about this?

  • Forget about... Got root! As so often: Check the syntax of your command...

  • For user, where to start? Im absolutely new in ad pentesting. Any hint by pm?
  • Start out with the same thing you always do: scan the target for running services. Once you know what services you have, maybe you should head on over to the "Tools" section of this forum and see if there's any threads about any of those services. Maybe there's some useful info in there. :)


  • Ok, Skunkfoot, ty!
  • Got past the chicken roasting, but I can't manage to crack the pwd, even using h*****t. Using the right hash mode (13100), attack mode (0), rockyou, b64 rules... What am I doing wrong? :(

    Oh and someone wrote to use crackmapexec (no spoil, it's already said), is it for a PtH here? Couldn't get it to work either.

Sign In to comment.