Active any hints

Finally got user, thanks @Baikuya for the help on the hash. Now on to root…

Hello everyone,

I’ve been attempting this box for the past 3 days, but feel like I’m missing something. I’ve gotten the user flag, but am getting stuck on root. I’ve read all the pages on this thread and I’m 99% sure I’m using the right tools.

Could someone PM me so I can explain what I’m trying in the hopes that someone can point out where I’m going wrong?

I got into the R********ion share and I have been through each and every directory at least 10 times now, but I can’t seem to find or make sense of what I’m seeing… It’s really fucking my brain… PM for user nudge please :frowning:

Got the ****.X.L file

Still I can’t handle

Privesc: I’m sure I’m doing the right thing but getting an error… Please PM… anyone

letting me down :frowning:

Got the hash… ■■■■ it’s long… Anyone know what kind of hash this is?

Hey all. I’ve got user, and I -think- I’m on the right path to root, but I’m having issues with decrypting a file. Used Im****** to get user info then download a .c**** file. Catch is, it looks like I have to decrypt it before I can get a hash out of it? Saying more might be spoilery. If someone doesn’t mind shooting me a message to let me know if I’m even in the right ballpark, I’d super appreciate it!

@Gh0stP0tat0 said:
Hey all. I’ve got user, and I -think- I’m on the right path to root, but I’m having issues with decrypting a file. Used Im****** to get user info then download a .c**** file. Catch is, it looks like I have to decrypt it before I can get a hash out of it? Saying more might be spoilery. If someone doesn’t mind shooting me a message to let me know if I’m even in the right ballpark, I’d super appreciate it!

I’ll PM you. :slight_smile:

Very interesting machine. People with some experience of AD pentesting will like it :slight_smile:

Great first box experience. Learned a lot about AD pentesting. PM me if you need help.

This is my favourite box on HTB (move over to second place, Carrier!). My second Windows box ever and absolutely worth the hours of reading to learn new topics! I’m actually going to re-visit this box from scratch to make sure I’ve completely understood all of the lessons it teaches.

Hi all, finally got r00t on this one… you should be able to get that with impacket and your Kali box really… cheers

Hi, I’ve managed to get the initial creds but can’t figure out how to get a foothold on the machine. Could someone PM me a hint? Much appreciated.

edit: Got root on the box. Nice one, this forum + google really helped out

Edit: ■■■ - used the IP for the next box I am enumerating - feeling dumb -_-
Now the scripts work…

Hi together,
got root - very nice box - got me to learn some Kerberos stuff.
But I am still not satisfied and want to talk about the different techniques. For privesc I used a very easy technique from me********. (me******** always feels like cheating) I am now trying a certain Python script, but could need a little help, because I get a “connection refused”.
Also I am wondering about PowerShell scripts in general with Kali. I installed the PS Linux version from MS, but it seems a lot of modules or dependencies are missing. Wasn’t there also a way to use PS in Metasploit? Are there some good resources I could read?
Pls PM me - (or point me to a place where I can talk openly about the box ^ ^) Thanks!

Finally ROOTED, had GREAT help from @Baikuya , very helpful advice~

@darwinyu said:
Finally ROOTED, had GREAT help from @Baikuya , very helpful advice~

You’re welcome buddy. If anyone needs help feel free to PM me.

It looks like there’s an issue with hashcat: it recognizes the hash, goes through rockyou and does not crack it… JTR works but there’s a ‘special’ version that you need to find, works with

@deda1mraz said:
It looks like there’s an issue with hashcat: it recognizes the hash, goes through rockyou and does not crack it… JTR works but there’s a ‘special’ version that you need to find, works with

Yes, absolutely special version, and I had to compile it instead of using the existing same version, so weird…