Thanks @pist4chios
It definitely has nothing to do with responder, how embarrassing
Finally rooted Forest, learned A TON for AD. Some hints are:
User: Check ALL ports after users list, don’t overthink it. 3 heads are better than one.
Root: Hounds and cats
Anyone willing to give me a nudge in the right direction for finding user’s pass? I haven’t been able to find a way to dump more info and I don’t think I’m supposed to be brute forcing?
got r00t. I found an easier way to pwn the admin account which didn’t even require me to interact with the powershell or do any exploitation.
Hints:
user - enumerate, do Google research on what you can get from the services in the open ports.
r00t - impacket. Play with the tools. It’s so simple. Just learn what they do and you will know which one you need
Great Box.
@rbt said:
got r00t. I found an easier way to pwn the admin account which didn’t even require me to interact with the powershell or do any exploitation.
Hints:
user - enumerate, do Google research on what you can get from the services in the open ports.
r00t - impacket. Play with the tools. It’s so simple. Just learn what they do and you will know which one you need
Great Box.
Oooh. I thought that impacket was needed for user.
Still a bit overwhelmed where to look regarding user, but I will stop mucking about with impacket for the time being then and go recon-a-go-go again-o.
@ue4dai said:
@rbt said:
got r00t. I found an easier way to pwn the admin account which didn’t even require me to interact with the powershell or do any exploitation.
Hints:
user - enumerate, do Google research on what you can get from the services in the open ports.
r00t - impacket. Play with the tools. It’s so simple. Just learn what they do and you will know which one you need
Great Box.
Oooh. I thought that impacket was needed for user.
Still a bit overwhelmed where to look regarding user, but I will stop mucking about with impacket for the time being then and go recon-a-go-go again-o.
Impacket unlocks both user and r00t. Just different tools for each.
Don’t think this is fully possible for root though it’s possible to get lucky…
(EDIT: I mean only using impacket for root but please PM me if I’m wrong, would love to learn something new)
Spoiler Removed
@DaChef said:
Just rooted and it was a quite amazing box!
Hints:
Initial: Run Basic enumeration scripts
User: Impacket
Root: The “Dog” will do the trick!
Any chance you can DM me what the “Dog” is lol
Anyone who has used the “dog” can you help? Can’t seem to get it to run…
Really good box, learned a lot!
Here are some tips
User: Look at all the different services available to you, research all the different techniques to exploit them. Once you have creds, use the higher port to get a shell. There’s a really useful tool someone posted here on the forums you can use to help.
Root: You should know by now what the role of this machine in a network is. If you’ve researched privilege escalation options for this, the “dog” you need to use should be apparent. If you’re having trouble getting the tool to work on the box, try switching to a meterpreter shell. From here, you should be able to see a path.
Can anyone confirm whether brute-forcing is necessary for user, or are there other ways?
@Klamby said:
Can anyone confirm whether brute-forcing is necessary for user, or are there other ways?
You must crack a hash.
Hi, if someone could DM me, I have creds, but no access to anything, I will better explain in DM. Thanks
edit: NVM got it. On root now
PM for nuggets
I got the lowpriv user creds but can’t access the machine… What is this mystical higher port that will give me shell access? I only see S*B services pretty much and the mainstream impacket tools which give shell require write access to the share and you can’t change the default ports.
I keep getting rpc_s_access_denied.
Any nudge is appreciated!
EDIT: Found out the port and service. Initially thought it was not something I could connect to but thanks to nudge from @PercyJackson35 I learned a new tool that I did not know before
@Dreadless said:
@DaChef said:
Just rooted and it was a quite amazing box!
Hints:
Initial: Run Basic enumeration scripts
User: Impacket
Root: The “Dog” will do the trick!
Any chance you can DM me what the “Dog” is lol
Google for a dog in Greek mythology
@wo1f said:
I got the lowpriv user creds but can’t access the machine… What is this mystical higher port that will give me shell access? I only see S*B services pretty much and the mainstream impacket tools which give shell require write access to the share and you can’t change the default ports.
I keep getting rpc_s_access_denied.
Any nudge is appreciated!
For SMB (as said above) you need writable admin$ or c$ to execute commands; you need to find another service.
There must be something I miss? Like many others, getting the usersID’s was easy, but how to get the pw? … All those imp- scripts require a valid cred, right?
@dodosstuff said:
There must be something I miss? Like many others, getting the usersID’s was easy, but how to get the pw? … All those imp- scripts require a valid cred, right?
One of the scripts will give you the pw ha**.