Reel

@9999volts said:
Guys if i got to the point of become adm bcku… And still not having permission to read root.txt, what am i doing bad?

Try other thing read other interesting things

This was THE BEST box yet! I loved every step
:slight_smile:

Got user. Loving this machine so far!

Already got user.
I was just wondering if someone was able to get user without using ms?

Was busy with OSCP, but had a moment to do this and it was elaborate!

failed many times to get proper payload and finally got user!
and now stuck with priv sec user t**
i’m new with windows, but this is an interesting box, any help with priv esc appreciated :slight_smile:

Got ROOT! yeah!
One of the best machines. Learned a lot about windows way of “rule them all”. Breaking head through the wall, trying to use powershell, because forget about initial nmap results. I’ll get it another one time a week later after reading some articles from blackhat 17, to remember everything better. Thank you @egre55

Hi all… I have user, and I know where to go next, but am having some trouble getting there… I don’t know if it’s meterpreter or what, but my PS commands seem to run without response. Would appreciate a nudge in the right direction.

init foothold: im trying to send a file based on the tips on the machine to an user but i dont get anything back is this the intended way?

I am soooooo close on this. I can see the file I want, but I can’t open it, copy it, move it or change it’s properties… What am I missing?

Edit: Nevermind! I’m a fool. I need to slow down and read a little more carefully.

Got root! Great box!

powershell issue is solved by issuing “powershell -c -” in meterpreter > shell

Awesome machine.
Incredibly realistic too.

Where to start? Downloaded some files and whats the next step? PM plz
Hack The Box

Got root! If you want to learn a lot about windows AD PrivEsc this is your machine!

Very sad to see that this box is retiring this weekend.

This system is an crazy walk down AD road. Learned loads.

<<< redacted - rooted!!! >>>

@rireoubli said:
Yay, finally got root on this one as well! It was a very good one, thanks to the creator.

And I’d like to share the hint that made it for me when I was stuck for so long: login-logout might help you

Thank you, thank you, thank you.

<<< redacted - rooted!!! >>>

@evandrix said:
stuck on reel @ user c****e, what next?

  1. need to re-run “dog” tool, or output already there is sufficient to PE?
  2. PE to local admin sufficient, or must be da?
  3. maybe my ps1 syntax is wrong, if someone can help (in a pm probably), that would be great

You dont need to re-run anything. The document you have is enough.

This is a useful read: https://wald0.com/?p=112