Forest

I’m stuck on creds. get a valid login-pass but couldn’t find where to use it. I tried modules like pc, w**c and other from the tool, but get permission denied. could someone give a nudge?

Only managed to get the usernames too,stuck on the way forward.
Someone care to point me in the right direction??‍♂️

@3XsAGbKHsb7FPY said:
I’m stuck on creds. get a valid login-pass but couldn’t find where to use it. I tried modules like pc, w**c and other from the tool, but get permission denied. could someone give a nudge?

Im on the exact same spot !
I dont know if we need to find another user/pass… It looks like our user is at a very low privilege.

Edit : Nvm, had connection issues…

Type your comment> @Crafty said:

@3XsAGbKHsb7FPY said:
I’m stuck on creds. get a valid login-pass but couldn’t find where to use it. I tried modules like pc, w**c and other from the tool, but get permission denied. could someone give a nudge?

Im on the exact same spot !
I dont know if we need to find another user/pass… It looks like our user is at a very low privilege.

same.
Thanks to Dreadless, i got the pass.
I like the box on terms of how many new tools i come across :smiley:
But stuck again. tried so many things, but none worked. Maybe i just need to pause a day or so.

Does anyone has good articles of Windows pen testing? I only come across the same old exploit again and again…

Type your comment> @minimal0 said:

Type your comment> @Crafty said:

(Quote)
same.
Thanks to Dreadless, i got the pass.
I like the box on terms of how many new tools i come across :smiley:
But stuck again. tried so many things, but none worked. Maybe i just need to pause a day or so.

Does anyone has good articles of Windows pen testing? I only come across the same old exploit again and again…

Guys to use pc or wc you need writable C$ or ADMIN$ share!
Check the ports again, one of them can give you a shell if you have a set of valid creds!

Am i right in thinking resp**der is the way to go with this?

rooted
I learnt a lot

I have the users but struggling to find the password everyone is talking about, any nudge is much appreciated

Type your comment> @maimsing said:

I have the users but struggling to find the password everyone is talking about, any nudge is much appreciated

Same here. “Impacket” has a lot in it, a lot of example scripts and appears to cover the panoply of Windows-related services, protocols, and such. I don’t want a spoiler either but a bit of context would be helpful. It sounds like one should be able to retrieve one users credentials? (That sounds fantastical, but my Windows-fu is weaksauce still.)

Just owned root on this box. This is my favorite Windows box so far! I really learned a lot about Active Directory and different ways to obtain Domain Admin - and that’s your hint too. It’s all about AD.

I used multiple tools > @ue4dai said:

Type your comment> @maimsing said:

I have the users but struggling to find the password everyone is talking about, any nudge is much appreciated

Same here. “Impacket” has a lot in it, a lot of example scripts and appears to cover the panoply of Windows-related services, protocols, and such. I don’t want a spoiler either but a bit of context would be helpful. It sounds like one should be able to retrieve one users credentials? (That sounds fantastical, but my Windows-fu is weaksauce still.)

agreed. Can anyone provide a hint besides “rooted, great box, try harder”?

wwahhaaaa fun and really enjoyable machine, previous knowledge certenly helps a lot here but i still ended up getting some new dirt under my fingers.

User: i get reminded of certain types food with this attack.
Root: Create a map of the road through the forest, there are many roads but few which leads where you neeed to go.

Thanks @egre55 @mrb3n

Type your comment> @Ammit said:

Am i right in thinking resp**der is the way to go with this?

Responder is basically a LLMNR poisoner, so you need to be in the same network as the target. So no.

@syn4ps

I dont agree with your premise that its “basically” llmnr poisoning, iv used it pleanty of times here, yes one of the features of the suite does not work due to the way the infrastructure is built, but that does not nullify all the other stuff the application offers.

Got the password for s**o. can’t figure out what to do with it…
p
c is no go because we don’t have write access to A
$…
I must have missed some service which I can login to with those creds.
Nudge pls?

Type your comment> @DaChef said:

Type your comment> @minimal0 said:

Type your comment> @Crafty said:

(Quote)
same.
Thanks to Dreadless, i got the pass.
I like the box on terms of how many new tools i come across :smiley:
But stuck again. tried so many things, but none worked. Maybe i just need to pause a day or so.

Does anyone has good articles of Windows pen testing? I only come across the same old exploit again and again…

Guys to use pc or wc you need writable C$ or ADMIN$ share!
Check the ports again, one of them can give you a shell if you have a set of valid creds!

Thanks a lot! Got it
I feel really dumb right now… :smiley:

Hi any hints on root? tried uploading the cat but through evil***** i think it doesn’t work?

I got a valid username and password pretty easily but now I do not know where to use them. Could someone please pm me a small hint on what I could be missing? Help is much appreciated!

Thanks @pist4chios

It definitely has nothing to do with responder, how embarrassing :smiley:

Finally rooted forest learned A TON for AD some hints are:
User: Check ALL ports after users list don’t overthink it 3 heads are better than one :wink:
Root: Hounds and cats

Thanks @egre55 @mrb3n