Active any hints


Comments

  • May I get some help with this machine?

  • finally got user, thanks @Baikuya for the help on the hash. Now on to root...

  • Hello everyone,

    I've been attempting this box for the past 3 days, but feel like I'm missing something. I've gotten the user flag, but am getting stuck on root. I've read all the pages on this thread and I'm 99% sure I'm using the right tools.

    Could someone PM me so I can explain what I'm trying in the hopes that someone can point out where I'm going wrong?

    tdreilloc

  • I got into the R********ion share and I have been through each and every directory at least 10 times now but I can't seem to find or make sense of what I'm seeing... It's really fucking my brain... PM for user nudge please :(

    LordeDestro

  • Got the ****.X.L file

    LordeDestro

  • Still I can't handle

  • Privesc: I'm sure I'm doing the right thing but getting an error... Please PM... anyone

    LordeDestro

  • letting me down :(

    LordeDestro

  • Got the hash... Damn, it's long... Does anyone know what kind of hash this is?

    LordeDestro

  • Hey all. I've got user, and I -think- I'm on the right path to root, but I'm having issues with decrypting a file. Used Im****** to get user info then download a .c**** file. Catch is, it looks like I have to decrypt it before I can get a hash out of it? Saying more might be spoilery. If someone doesn't mind shooting me a message to let me know if I'm even in the right ballpark, I'd super appreciate it!

  • @Gh0stP0tat0 said:
    Hey all. I've got user, and I -think- I'm on the right path to root, but I'm having issues with decrypting a file. Used Im****** to get user info then download a .c**** file. Catch is, it looks like I have to decrypt it before I can get a hash out of it? Saying more might be spoilery. If someone doesn't mind shooting me a message to let me know if I'm even in the right ballpark, I'd super appreciate it!

    I'll PM you. :)

  • Very interesting machine. People with some experience of AD pentesting will like it :)

  • Great first box experience. Learned a lot about AD pentesting. PM me if you need help.

  • This is my favourite box on HTB (move over to second place, Carrier!). My second Windows box ever and absolutely worth the hours of reading to learn new topics! I'm actually going to re-visit this box from scratch to make sure I've completely understood all of the lessons it teaches.

  • Hi all, finally got r00t on this one.. you should be able to get that with impacket and your Kali box really.. cheers

  • edited November 2018

    Hi, I've managed to get the initial creds but can't figure out how to get a foothold on the machine. Could someone PM me a hint? Much appreciated.

    edit: Got root on the box. Nice one, this forum + google really helped out

  • edited November 2018

    Edit: omg - used the IP for the next box I am enumerating - feeling dumb -_-
    Now the scripts work...

    Hi together,
    got Root - very nice Box - got me to learn some Kerberos stuff.
    But I am still not satisfied and want to talk about the different techniques. For privesc I used a very easy technique from me********. (me******** always feels like cheating) I am now trying a certain Python script, but could use a little help, because I get a "connection refused".
    Also I am wondering about PowerShell scripts in general with Kali. I installed the PS Linux version from MS, but it seems a lot of modules or dependencies are missing. Wasn't there also a way to use PS in Metasploit? Are there some good resources I could read?
    Pls PM me - (or point me to a place where I can talk openly about the box ^ ^) Thanks!

  • Finally ROOTED, had GREAT help from @Baikuya , very helpful advice~

  • @darwinyu said:
    Finally ROOTED, had GREAT help from @Baikuya , very helpful advice~

    You're welcome buddy. If anyone needs help feel free to PM me.

    Baikuya
    OSCP

  • It looks like there's an issue with hashcat: it recognizes the hash, goes through rockyou and does not crack it... JTR works but there's a 'special' version that you need to find, works with

    Arrexel

    |OSCP|OSCE|

  • @deda1mraz said:
    It looks like there's an issue with hashcat: it recognizes the hash, goes through rockyou and does not crack it... JTR works but there's a 'special' version that you need to find, works with

    Yes, absolutely special version, and I had to compile it instead of using the existing same version, so weird..

  • stuck in R*********** sh**e. Not seeing any .x*l files
    Only two items in p******* dir. any nudges pls?

  • @mezcla said:
    stuck in R*********** sh**e. Not seeing any .x*l files
    Only two items in p******* dir. any nudges pls?

    You need to go through every folder in the shares till you find it, it's there.

    Hack The Box

  • edited November 2018

    Anyone else getting rpc_access_denied when trying to se*******mp.py the hashes with the user creds?
    Am I missing something or is I*****t failing?

  • rooted it! :)

  • Finally got root. It was a nice box. Thanks for the great effort you put into this. It was a good machine where I learned a lot.

  • edited November 2018

    Got it. Will admit I'm slightly salty. I forget that these are contrived boxes, so I forget that you'll actually find these issues. The answer btw is on the very first page. Also the way you get user, also pretty much tells you what method you use to get root.txt.

  • edited November 2018

    Can someone PM me for help on getting root? I'm 99% sure I have the hash, but my tools aren't liking the hash.

    Edit: nevermind, I got the tool to start accepting the hash, but will I need a GPU to crack it? I left it running overnight on my laptop, and after 9 hours it was only .39% complete.

    Edit: got root. A little salty that this box relied on knowing and having the right tool to finish it out, but an otherwise awesome box!

    b1gbroth3r

  • Anyone please point me in the right direction, I got the user flag already. I feel like everyone on this thread has a password hash except me lol. Just a point in the right direction. Reading documentation on the tools, all of them seem to assume I have Admin user/pass... I must be missing something

  • edited November 2018

    Since no one wrote it:
    Be careful, hashcat can't properly handle 32-bit constructs at this time, and will compile a 64-bit kernel no matter what the underlying architecture behind it, giving you bogus results for this type of hash.
    The correct format for jtr is $k*****s$23$salt$hash. I won't say more, but I hope it will save time on a bogus problem without spoiling.
