Active any hints

Someone could help with user I can access only to Re… share but there is nothing interesting any hints pls

Hi, I was able to got bot user and root flags but I am still wondering what’s really happening behind the hood. I don’t wanna spoil anything here so if someone having a good understanding of AD and k******* and i***** could message to answer some of my questions me I would really appreciate :smiley: thx !

@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

boot2root just with this post. These links went to my bookmarks. Thanks.

@ZaphodBB said:
Got user ! - now on to root

Feel free to PM for user hint

Hi could you give me some hint ? I can connect to s… but I can access only to Rep… I don’t know how to proceed

Hello. i keep seeing that is easy and fast to get user.txt… However ive been trying 2 days with this machine… im using the enumeration tools mentioned in the previous posts, ive found shares only after smb.conf configuration to add smb2 but i cannot get access to any of them (connection failed)… any hints for how to continue? thank you

Awesome machine. Very realistic.

i found the password in the G*****.*ml file and was able to decrypt it. i just have no clue what username to use or even where to use it. can someone help me out with a hint?

Edit: found it

Got the root today. actually a great machine to learn about AD. Thanks @Draco123 to the hint. If anyone need a hint, just PM me.

@sheepkiller said:
Hello everyone, if you are having issues with the typical tools mentioned in this forum to connect to the service, it’s probably a misconfiguration with your Kali smb.conf file. Here is what I did to fix it:

nano /etc/samba/smb.conf

// In the file, I added the following in the [global] section
client min protocol = SMB2
client max protocol = SMB3

sudo service smbd restart

This FIXED enum4linux for me, enabled those other tools suggested here, and COMPLETELY changed my results and now I feel like things are wide open.

This will probably be useful to anyone using Kali for pentesting

Hi.

i was able to access the G*****.x** file. I have a problem cracking the password. Read here to use the h*****t but i cannot get the correct command. Please if someone can point me to the right directions as i cannot use the tool correctly. Thanks.

EDIT: got user, moving on now to root

Owned and rooted!

Got root…pm for hint…

Hi,

cry out for help here: i do have the user credentials found in the first step. but now i’m looking at PrivEsc. I’f been trying for a few days now and tried alot from the hints i found on this forum here (i can tell you more in pm what i’f done already). Everything commes to a death end eventually. this is only my second box, so i’m not experienced at all, so a bit of guidance would be apprecieated, my PM’s are open

I tried this:

but it didn’t work…am I heading the right way ?

I am new and have been completely lost…Could anyone help please PM some hints about where to get started, many thanks.

every time i try to use im******t it just say errno connection error name or service not now

@x00byte said:
every time i try to use im******t it just say errno connection error name or service not now

The furthest I got was this:

[] User SID: S-1-5-21-405608879-3187717380-1996298813-1103
[
] Forest SID: S-1-5-21-405608879-3187717380-1996298813
[] Attacking domain controller dc.active.htb
[
] dc.active.htb seems not vulnerable (Kerberos SessionError: KDC_ERR_SUMTYPE_NOSUPP(KDC has no support for checksum type))

It’s about time…
Got root.

Really good box, recommend to everyone.
As someone said before, it’s not a CTF style box which is GREAT !!!

Someone please PM me. I can’t do anything with the info I gathered.

I don’t know much about AD but I was able to get User with the tips here. For those that said Impacket got them root/system, I’d appreciate a tip as to what the heck I’m supposed to be doing with Impacket? @nullsession0x @flipflop139874