Active any hints

Hi !

After a few hours I managed to get the user flags and know (in theory) what to do to get the root flag but I am not able to generate the S****** T***** with i******* (it says invalid credentials…) Any tips ?

Should i use Kerberos 5 AS-REQ Pre-Auth etype 23 ?

Got the root flag :smiley: !
Learned a lot on this machine that was really cool, thx for posting it !

Thx a lot to @3poke

hard time cracking password please help PM

Great box, really realistic!

@amlamarra said:
Just got root.txt on this machine. For those of you trying to crack the hash, the default install of John in Kali won’t have the right format. You’ll need to install the Jumbo “version”. I followed the instructions here: How to build on Ubuntu Linux [Openwall Community Wiki]

Thanks For the link. Got root.txt finally.

This was really a good machine. Learned a couple of new tools and methods.

Pm if any hints needed.

Someone could help with user I can access only to Re… share but there is nothing interesting any hints pls

Hi, I was able to got bot user and root flags but I am still wondering what’s really happening behind the hood. I don’t wanna spoil anything here so if someone having a good understanding of AD and k******* and i***** could message to answer some of my questions me I would really appreciate :smiley: thx !

@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

boot2root just with this post. These links went to my bookmarks. Thanks.

@ZaphodBB said:
Got user ! - now on to root

Feel free to PM for user hint

Hi could you give me some hint ? I can connect to s… but I can access only to Rep… I don’t know how to proceed

Hello. i keep seeing that is easy and fast to get user.txt… However ive been trying 2 days with this machine… im using the enumeration tools mentioned in the previous posts, ive found shares only after smb.conf configuration to add smb2 but i cannot get access to any of them (connection failed)… any hints for how to continue? thank you

Awesome machine. Very realistic.

i found the password in the G*****.*ml file and was able to decrypt it. i just have no clue what username to use or even where to use it. can someone help me out with a hint?

Edit: found it

Got the root today. actually a great machine to learn about AD. Thanks @Draco123 to the hint. If anyone need a hint, just PM me.

@sheepkiller said:
Hello everyone, if you are having issues with the typical tools mentioned in this forum to connect to the service, it’s probably a misconfiguration with your Kali smb.conf file. Here is what I did to fix it:

nano /etc/samba/smb.conf

// In the file, I added the following in the [global] section
client min protocol = SMB2
client max protocol = SMB3

sudo service smbd restart

This FIXED enum4linux for me, enabled those other tools suggested here, and COMPLETELY changed my results and now I feel like things are wide open.

This will probably be useful to anyone using Kali for pentesting

Hi.

i was able to access the G*****.x** file. I have a problem cracking the password. Read here to use the h*****t but i cannot get the correct command. Please if someone can point me to the right directions as i cannot use the tool correctly. Thanks.

EDIT: got user, moving on now to root

Owned and rooted!

Got root…pm for hint…

Hi,

cry out for help here: i do have the user credentials found in the first step. but now i’m looking at PrivEsc. I’f been trying for a few days now and tried alot from the hints i found on this forum here (i can tell you more in pm what i’f done already). Everything commes to a death end eventually. this is only my second box, so i’m not experienced at all, so a bit of guidance would be apprecieated, my PM’s are open

I tried this:

but it didn’t work…am I heading the right way ?