Active any hints

@nullsession0x said:
Great box, really enjoyed it. Lots to learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were:
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Enjoy

boot2root just with this post. These links went to my bookmarks. Thanks.

@ZaphodBB said:
Got user! - now on to root

Feel free to PM for user hint

Hi, could you give me a hint? I can connect to s… but I can access only Rep… I don’t know how to proceed.

Hello. I keep seeing that it is easy and fast to get user.txt… However, I’ve been trying for 2 days with this machine… I’m using the enumeration tools mentioned in the previous posts. I’ve found shares only after smb.conf configuration to add smb2, but I cannot get access to any of them (connection failed)… Any hints for how to continue? Thank you.

Awesome machine. Very realistic.

I found the password in the G*****.*ml file and was able to decrypt it. I just have no clue what username to use or even where to use it. Can someone help me out with a hint?

Edit: found it

Got the root today. Actually a great machine to learn about AD. Thanks to @Draco123 for the hint. If anyone needs a hint, just PM me.

@sheepkiller said:
Hello everyone, if you are having issues with the typical tools mentioned in this forum to connect to the service, it’s probably a misconfiguration with your Kali smb.conf file. Here is what I did to fix it:

nano /etc/samba/smb.conf

// In the file, I added the following in the [global] section
client min protocol = SMB2
client max protocol = SMB3

sudo service smbd restart

This FIXED enum4linux for me, enabled those other tools suggested here, and COMPLETELY changed my results and now I feel like things are wide open.

This will probably be useful to anyone using Kali for pentesting

Hi.

I was able to access the G*****.x** file. I have a problem cracking the password. Read here to use the h*****t but I cannot get the correct command. Please, if someone can point me in the right direction, as I cannot use the tool correctly. Thanks.

EDIT: got user, moving on now to root

Owned and rooted!

Got root…pm for hint…

Hi,

Cry out for help here: I do have the user credentials found in the first step, but now I’m looking at PrivEsc. I’ve been trying for a few days now and tried a lot from the hints I found on this forum here (I can tell you more in PM what I’ve done already). Everything comes to a dead end eventually. This is only my second box, so I’m not experienced at all, so a bit of guidance would be appreciated; my PMs are open.

I tried this:

but it didn’t work…am I heading the right way ?

I am new and have been completely lost…Could anyone help please PM some hints about where to get started, many thanks.

Every time I try to use im******t it just says errno connection error name or service not known

@x00byte said:
Every time I try to use im******t it just says errno connection error name or service not known

The furthest I got was this:

[*] User SID: S-1-5-21-405608879-3187717380-1996298813-1103
[*] Forest SID: S-1-5-21-405608879-3187717380-1996298813
[*] Attacking domain controller dc.active.htb
[*] dc.active.htb seems not vulnerable (Kerberos SessionError: KDC_ERR_SUMTYPE_NOSUPP(KDC has no support for checksum type))

It’s about time…
Got root.

Really good box, recommend to everyone.
As someone said before, it’s not a CTF style box which is GREAT !!!

Someone please PM me. I can’t do anything with the info I gathered.

I don’t know much about AD but I was able to get User with the tips here. For those that said Impacket got them root/system, I’d appreciate a tip as to what the heck I’m supposed to be doing with Impacket? @nullsession0x @flipflop139874

Got root.

  1. For privesc you need the right tooling.
  2. If you’ve got what you need, you don’t need to do it on a dedicated Kali. A VM will do it.
  3. Tickets need to be roasted.

Gang, I have the admin user’s crypto material, which I should be able to crack with hashcat or JtR. HC can recognize the format but rockyou does not crack the password; according to info from a few of you it should. JtR does not recognize the format at all; it’s a documented issue. It would be awesome to get some help to overcome this last issue! :slight_smile: Cheers!