Forest

Geez, either this PrivEsc is no joke or I’m missing something blatantly obvious. Hoping it’s the former because I feel stupid, lol.

Spoiler Removed

Spoiler Removed

So far Priv is so hard for me

I got credentials but have still not find out how to use it to get inside.

If anybody will give me a nudge on this, please DM me. Thx.

Any hints on where to look for passwords? I too have found the usernames.

enumerated the users but didn’t get any passwords or ideas to move forward… Any hints on DM are appreciated thanks

Just rooted and it was a quite amazing box!
Hints:

Initial: Run Basic enumeration scripts

User: Impacket

Root: The “Dog” will do the trick!

Spoiler Removed

Hard box for me but I was able to grind it out and learned a ton. Thanks @egre55 @mrb3n

If you’re not familiar with this stuff (like me), you’ll be doing a lot of reading. For user, search for attack checklists and work through the possibilities. For root, looking at walkthroughs of retired HTB boxes may help.

Got user.txt, but no idea regarding Priv Esc :frowning:

Type your comment> @naveen1729 said:

Hard box for me but I was able to grind it out and learned a ton. Thanks @egre55 @mrb3n

If you’re not familiar with this stuff (like me), you’ll be doing a lot of reading. For user, search for attack checklists and work through the possibilities. For root, looking at walkthroughs of retired HTB boxes may help.

Could you possibly mention which retured HTB boxes you are refering to? :slight_smile:

@rbt said:
Type your comment> @Davincible said:

@rbt no to capture hashes

thanks for the hint. got it

Can you DM me on how you captured the creds pls? Or maybe you have guide on how to do this in generall

can anyone point out some specific tools or would that be a spoiler?

@Digsy said:
Type your comment> @Freak2600 said:

I used sparta and got the list of users. Still dont know what to do with them though.

Same I managed to get a list of users but I have no idea what to do with them

i have manged to get usernames via smb enumusers, but im little stuck on the way forward, any help to point me in the right direction

I’m stuck on creds. get a valid login-pass but couldn’t find where to use it. I tried modules like pc, w**c and other from the tool, but get permission denied. could someone give a nudge?

Only managed to get the usernames too,stuck on the way forward.
Someone care to point me in the right direction??‍♂️

@3XsAGbKHsb7FPY said:
I’m stuck on creds. get a valid login-pass but couldn’t find where to use it. I tried modules like pc, w**c and other from the tool, but get permission denied. could someone give a nudge?

Im on the exact same spot !
I dont know if we need to find another user/pass… It looks like our user is at a very low privilege.

Edit : Nvm, had connection issues…

Type your comment> @Crafty said:

@3XsAGbKHsb7FPY said:
I’m stuck on creds. get a valid login-pass but couldn’t find where to use it. I tried modules like pc, w**c and other from the tool, but get permission denied. could someone give a nudge?

Im on the exact same spot !
I dont know if we need to find another user/pass… It looks like our user is at a very low privilege.

same.
Thanks to Dreadless, i got the pass.
I like the box on terms of how many new tools i come across :smiley:
But stuck again. tried so many things, but none worked. Maybe i just need to pause a day or so.

Does anyone has good articles of Windows pen testing? I only come across the same old exploit again and again…

Type your comment> @minimal0 said:

Type your comment> @Crafty said:

(Quote)
same.
Thanks to Dreadless, i got the pass.
I like the box on terms of how many new tools i come across :smiley:
But stuck again. tried so many things, but none worked. Maybe i just need to pause a day or so.

Does anyone has good articles of Windows pen testing? I only come across the same old exploit again and again…

Guys to use pc or wc you need writable C$ or ADMIN$ share!
Check the ports again, one of them can give you a shell if you have a set of valid creds!