Active any hints

I was able to find the Gr****.x** file and obtain the password and decrypt the same. Was able to login and obtain the user flag

@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

Thanksā€¦

Iā€™m having a hard time getting to crack the TGS hashes using john the ripper, hashcat wonā€™t run on my VM. Any tips ?

Hi !

After a few hours I managed to get the user flags and know (in theory) what to do to get the root flag but I am not able to generate the S****** T***** with i******* (it says invalid credentialsā€¦) Any tips ?

Should i use Kerberos 5 AS-REQ Pre-Auth etype 23 ?

Got the root flag :smiley: !
Learned a lot on this machine that was really cool, thx for posting it !

Thx a lot to @3poke

hard time cracking password please help PM

Great box, really realistic!

@amlamarra said:
Just got root.txt on this machine. For those of you trying to crack the hash, the default install of John in Kali wonā€™t have the right format. Youā€™ll need to install the Jumbo ā€œversionā€. I followed the instructions here: How to build on Ubuntu Linux [Openwall Community Wiki]

Thanks For the link. Got root.txt finally.

This was really a good machine. Learned a couple of new tools and methods.

Pm if any hints needed.

Someone could help with user I can access only to Reā€¦ share but there is nothing interesting any hints pls

Hi, I was able to got bot user and root flags but I am still wondering whatā€™s really happening behind the hood. I donā€™t wanna spoil anything here so if someone having a good understanding of AD and k******* and i***** could message to answer some of my questions me I would really appreciate :smiley: thx !

@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

boot2root just with this post. These links went to my bookmarks. Thanks.

@ZaphodBB said:
Got user ! - now on to root

Feel free to PM for user hint

Hi could you give me some hint ? I can connect to sā€¦ but I can access only to Repā€¦ I donā€™t know how to proceed

Hello. i keep seeing that is easy and fast to get user.txtā€¦ However ive been trying 2 days with this machineā€¦ im using the enumeration tools mentioned in the previous posts, ive found shares only after smb.conf configuration to add smb2 but i cannot get access to any of them (connection failed)ā€¦ any hints for how to continue? thank you

Awesome machine. Very realistic.

i found the password in the G*****.*ml file and was able to decrypt it. i just have no clue what username to use or even where to use it. can someone help me out with a hint?

Edit: found it

Got the root today. actually a great machine to learn about AD. Thanks @Draco123 to the hint. If anyone need a hint, just PM me.

@sheepkiller said:
Hello everyone, if you are having issues with the typical tools mentioned in this forum to connect to the service, itā€™s probably a misconfiguration with your Kali smb.conf file. Here is what I did to fix it:

nano /etc/samba/smb.conf

// In the file, I added the following in the [global] section
client min protocol = SMB2
client max protocol = SMB3

sudo service smbd restart

This FIXED enum4linux for me, enabled those other tools suggested here, and COMPLETELY changed my results and now I feel like things are wide open.

This will probably be useful to anyone using Kali for pentesting

Hi.

i was able to access the G*****.x** file. I have a problem cracking the password. Read here to use the h*****t but i cannot get the correct command. Please if someone can point me to the right directions as i cannot use the tool correctly. Thanks.

EDIT: got user, moving on now to root

Owned and rooted!