Someone could help with user I can access only to Re… share but there is nothing interesting any hints pls
Hi, I was able to got bot user and root flags but I am still wondering what’s really happening behind the hood. I don’t wanna spoil anything here so if someone having a good understanding of AD and k******* and i***** could message to answer some of my questions me I would really appreciate thx !
@nullsession0x said:
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.Enjoy
boot2root just with this post. These links went to my bookmarks. Thanks.
@ZaphodBB said:
Got user ! - now on to rootFeel free to PM for user hint
Hi could you give me some hint ? I can connect to s… but I can access only to Rep… I don’t know how to proceed
Hello. i keep seeing that is easy and fast to get user.txt… However ive been trying 2 days with this machine… im using the enumeration tools mentioned in the previous posts, ive found shares only after smb.conf configuration to add smb2 but i cannot get access to any of them (connection failed)… any hints for how to continue? thank you
Awesome machine. Very realistic.
i found the password in the G*****.*ml file and was able to decrypt it. i just have no clue what username to use or even where to use it. can someone help me out with a hint?
Edit: found it
Got the root today. actually a great machine to learn about AD. Thanks @Draco123 to the hint. If anyone need a hint, just PM me.
@sheepkiller said:
Hello everyone, if you are having issues with the typical tools mentioned in this forum to connect to the service, it’s probably a misconfiguration with your Kali smb.conf file. Here is what I did to fix it:nano /etc/samba/smb.conf
// In the file, I added the following in the [global] section
client min protocol = SMB2
client max protocol = SMB3sudo service smbd restart
This FIXED enum4linux for me, enabled those other tools suggested here, and COMPLETELY changed my results and now I feel like things are wide open.
This will probably be useful to anyone using Kali for pentesting
Hi.
i was able to access the G*****.x** file. I have a problem cracking the password. Read here to use the h*****t but i cannot get the correct command. Please if someone can point me to the right directions as i cannot use the tool correctly. Thanks.
EDIT: got user, moving on now to root
Owned and rooted!
Got root…pm for hint…
Hi,
cry out for help here: i do have the user credentials found in the first step. but now i’m looking at PrivEsc. I’f been trying for a few days now and tried alot from the hints i found on this forum here (i can tell you more in pm what i’f done already). Everything commes to a death end eventually. this is only my second box, so i’m not experienced at all, so a bit of guidance would be apprecieated, my PM’s are open
I tried this:
but it didn’t work…am I heading the right way ?
I am new and have been completely lost…Could anyone help please PM some hints about where to get started, many thanks.
every time i try to use im******t it just say errno connection error name or service not now
@x00byte said:
every time i try to use im******t it just say errno connection error name or service not now
The furthest I got was this:
[] User SID: S-1-5-21-405608879-3187717380-1996298813-1103
[] Forest SID: S-1-5-21-405608879-3187717380-1996298813
[] Attacking domain controller dc.active.htb
[] dc.active.htb seems not vulnerable (Kerberos SessionError: KDC_ERR_SUMTYPE_NOSUPP(KDC has no support for checksum type))
It’s about time…
Got root.
Really good box, recommend to everyone.
As someone said before, it’s not a CTF style box which is GREAT !!!
Someone please PM me. I can’t do anything with the info I gathered.
I don’t know much about AD but I was able to get User with the tips here. For those that said Impacket got them root/system, I’d appreciate a tip as to what the heck I’m supposed to be doing with Impacket? @nullsession0x @flipflop139874