Active any hints

Got it. Will admit I’m slightly salty. I forget that these are contrived boxes, so I forget that you’ll actually find these issues. The answer btw is on the very first page. Also the way you get user, also pretty much tells you what method you use to get root.txt.

Can someone PM me for help on getting root? I’m 99% sure I have the hash, but my tools aren’t liking the hash.

Edit: nevermind, I got the tool to start accepting the hash, but will I need a GPU to crack it? I left it running overnight on my laptop, and after 9 hours it was only .39% complete.

Edit: got root. A little salty that this box relied on knowing and having the right tool to finish it out, but an otherwise awesome box!

Anyone please point me in the right direction, I got user flag already. I feel like everyone on this thread has a password hash except me lol. Just a point in the right direction. reading documentation on the tools all of them seem to assume I have Admin user/pass… I must be missing something

Since no one wrote it :
Be careful hashcat can’t handle properly 32bit construct at this time, and will compile a 64 bit kernel no matter what the underlying architecture behind it, giving you bogus result for this type of hash.
The correct format for jtr is $k*****s$23$salt$hash . I won t say more, but i hope it will save time on bogus problem without spoiling.

The box is easy if u know what to do and how to do it (not my case)

  1. For user, enumeration is the key. Once you find the service, just poke around.
    1.1 After you find some files, read them all…one will pop up since it contains user info.
    1.2 Google the file and you’ll know how to crack the password

  2. For root, you’ll have to interact with another service. This was tricky for me since I didn’t know much about it.
    2.1 The forum posts and google will lead you to a red tool.
    2.2 Google what the tool is doing and you’ll learn a lot about it

Agree with others. This was an enjoyable box from the point of view its real world. I personally had not used one of the tools before to get the required K******. Nice learning experience. Feel free to PM me if I can help anyone.

Thanks @Baikuya for helping me with the tips for, thank you very much that the creator blesses you! Go root now!

I have user already, but I’m about to go crazy because I’ve been trying to find out why a certain Ruby Script works without an IV (for a certain cipher) but when I try to use Op***l from the commandline it wont work without an IV. Crypto is not my strong suite, so I’d really appreciate it if someone could PM me and explain to me how the ruby script works (I’ll send it to you over PM, as not to spoil anything) without needing an IV. Thanks!

Edit: nvm I figured it out

Hello to All, i need help because i’m lost!
i have G**s.xml

User.txt took me a short time, Trying to get root now but im totally stuck. Last thing i got isa .b** file with surely useful information in it. But its in screwed format. Not like in Base64 or anything else i saw before. Tried to open it with different extensions but none of them worked. I can really use a hint or advice right now :slight_smile: Thanks

Edit : nvm got root

Hi, i have done a step. i found u**r.txt.
Now i 'm thinking how to be root, but i have not more ideas!

I almost have root i have the Principal and have got the H*** and am trying to run h**t but its saying it will take 14 hours because its running in a VM and no GPU. Has anyone already run it and can give me the output, if i pass the correct command and h file? please PM if this is possible . Thanks

Update: NVM i found hashcat for windows and can do it in 30 mins now :slight_smile:

@NullDay said:
I almost have root i have the Principal and have got the H*** and am trying to run h**t but its saying it will take 14 hours because its running in a VM and no GPU. Has anyone already run it and can give me the output, if i pass the correct command and h file? please PM if this is possible . Thanks

Update: NVM i found hashcat for windows and can do it in 30 mins now :slight_smile:

hi,I have no ideas how to be root,can you give me some hint

@tanghf said:

@NullDay said:
I almost have root i have the Principal and have got the H*** and am trying to run h**t but its saying it will take 14 hours because its running in a VM and no GPU. Has anyone already run it and can give me the output, if i pass the correct command and h file? please PM if this is possible . Thanks

Update: NVM i found hashcat for windows and can do it in 30 mins now :slight_smile:

hi,I have no ideas how to be root,can you give me some hint

id tell you how to get root through hacking K******* but am having my sunday Roast so i think you need to figure out the Principal of hacking a certain service

wasted so many hours trying all out brute force here, but good box, maybe one of my least favorites. Sure i guess its realistic and i learned a bunch about AD but ■■■■■■■■, had no idea i could -request that much info.

Anybody know why my python library (I*****T)'s smb client wont work with this one? i could only get one example to work. I even went in and changed the dialect directly and it seems there is no way to get it to work with 2. I got some issued creds too but couldnt login with them even for low piv. I just dont understand if the stuff was disabled intentionally here or i had some params/config wrong. I feel like **Dump.py, client.py, secrets.py should have worked but i always got a “connection reset” or “couldnt make object for session” error except on one script. not even an access denied or invalid creds.

Hi guys.

I got the user but i have problems getting the root.

I got some L*** info with i******t but i don’t know what is the next step.

Can someone hint me about this ? :frowning:
I will be very grateful.

Got root! Thanks for the creators of this box. Spent almost a month in between getting user and root. I stopped and worked on other boxes because i wasn’t able to grasp the idea of K*******. Great box!

@Baikuya Thanks for the help on this one!

Type your comment> @td00k said:

@h1tch said:
im getting
[-] Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)
from impact. Latest version via git clone. even ntpdate to the server to match the time. Anyone else have that issue?

You have to change the time of your machine, try to change time like 7min back and see if it works

Hello, my machine time is April 25, 19. I tried to change the time to 15:06:00 on July 19, 18, but I still made an error in Kerberos Session Error: KRB_AP_ERR_SKEW (Clock skew too big). Do you have any suggestions? Thank you very much!

good box