Forest

Can someone PM me for root. I’ve done the prerequisites for the final touch of root but not getting anywhere after going for a walk with the Dog…

can someone PM a hint on the password?
got a bunch of users but everything i want to connect to needs a password…
was bruteforcing against some service but feels needless.

Type your comment> @p3tj3v said:

can someone PM a hint on the password?
got a bunch of users but everything i want to connect to needs a password…
was bruteforcing against some service but feels needless.

Same here. A lot of users but no password

Type your comment> @rholas said:

Type your comment> @an0n said:

is brute force required to get a password?

Just for user, Adm… use hash

tried, but without success. probably i am doing something wrong…

Type your comment> @YOLOnline said:

Type your comment> @p3tj3v said:

can someone PM a hint on the password?
got a bunch of users but everything i want to connect to needs a password…
was bruteforcing against some service but feels needless.

Same here. A lot of users but no password

maybe we need some custom wordlists, idk.

Type your comment> @an0n said:

Type your comment> @YOLOnline said:

Type your comment> @p3tj3v said:

can someone PM a hint on the password?
got a bunch of users but everything i want to connect to needs a password…
was bruteforcing against some service but feels needless.

Same here. A lot of users but no password

maybe we need some custom wordlists, idk.

Hint: The Three Headed Dog :slight_smile:

Can someone PM me, I found the users i done a lot of enumerations but i wasn’t able to gather credential to go deeper… can you give me some hint ?

can someone please PM me i been looking for help for days

This is a good box.

To get creds: once you have compiled a list of valid accounts. Look into different roasting techniques. Make sure your libraries and tools are up to date/latest version.

Root: I tripped myself up here and went deep down some powershell internals rabbit holes - so my advice is - after putting all the pieces together, make sure to log-off and then log-back on.

Spoiler Removed

Hi all,

If someone has a post or hint discussing the methods used to extract a hash from that service, I would greatly appreciate it! Spent hours researching to no avail. I have a number of usernames, which service needs to be exploited and what toolset is used. Just haven’t been able to put the pieces together. Feel like I’ve totally hit a wall.

Thanks strangers!

So… managed to get a shell. Got the hound running through the forest.
But nothing seems to stick out.
Anyone like to push me in right direction?

Bruteforcing isnt needed at any part of the box. Remember keberos is a lot vulnerable so google what you can get from it.
For root : Powersploit is a lot powerful if you combine it with the BloodHound. At last step. Go back to where u began … impacket.

Pm for help :slight_smile:

Just finished it.

I don’t think I would have put it in the easy category.
Obviously, once you get it done, the process looks fairly straight forward, but finding the way and the tools…
I did learn from it, tho, so thanking the creators is in order. And also @Ketil and @polarbearer of course.

Hints:
User: You have most likely already done something very similar in other boxed (I can think of two at least).
Root: As mentioned before, the hound will find the way for you :wink:

Happy to assist if anyone needs a push.

Type your comment> @idomino said:

Rooted. Seemed way more complicated to me than some of the “medium” boxes I did.

On the topic of esoteric hints: I might be the minority here, but I like them. It’s not a solution in your face, but when you find a possbile path, which “clicks” with the esoteric hint, you know it’s not a rabbit hole and worth pursuing.

I wouldn’t really say being esoterically reaffirmed you aren’t in a rabbit hole is that much of a hint, and it certainly does nothing to help those who need genuine direction.

and yes this box was not 20 points IMO, sniper was way easier than this

Spoiler Removed

Impakter is always asking for passwords for normal user… Is even normal ?

Type your comment> @Nikolay167 said:

Impakter is always asking for passwords for normal user… Is even normal ?

one of the tools in the example folder will give you 4 different ways to get the TGT info. I promise if you read the writeup in it, you will get a hash.

I tried all kinds of shells, including meterpreter, but cannot get any output from the dog. Any hints please, am I doing it wrong or what?

if you aren’t getting results from the dog, try barking at it with a regular cmd prompt instead of powershell…

For those stuck trying to find the user password … impacket is very useful! it’s a bit overwhelming at first, because there are so many scripts, but you’ll find what you are looking for eventually. have patience, young padawan!