Forest

is there a way to solve this without impacket?
i cant get this @#$%^ working.
’ print “Warning: You don’t have any crypto installed. You need either POW or PyCrypto”’
belief me, it is installed, both of them.

Rooted! Great box thanks to the creators. Thanks to all the people that gave me hints as well!

PM if you need a hand.

Need a little nudge . I am completely new to Active directory and I don’t have much knowledge in hacking windows

Type your comment> @n4v1n said:

Spoiler Removed

SORRY :frowning:

Type your comment> @LeonardLeonard said:

Type your comment> @suls said:

Type your comment> @LeonardLeonard said:

Need help regarding the actual user shell.
I’ve obtained a username and a password, but I’ve tried attacking all the ports I could find with a lot of the impacket execs (smbexec,psexec,wmiexec), and some metasploit things. The user just seems to have no access to anything meaningful? Appreciate either a DM or a hint here. I feel like I’m really close, but missing something silly

If you don’t know the tool you will never find this, check @mcruz comment on the previous page

I did see it previously, but I couldn’t figure out what “EVIL” meant

EDIT: Nevermind, found it. But now I’m confused as to why all my other tools failed. What made this tool special?

metasploit winrm cmd cant use some native installed security features. Evil can

Взял рут, если нужны подсказки обращайтесь.
Rooted

Having troubles, with root, if anyone can help me please send a message, I will make sure to tell you what I did so far.

Anyone willing to give me a nudge towards user? I have an account and a cracked hash but I’m not sure where to go next. I’ve been trying like 2 different methods using these credentials but I’m honestly not sure whether or not I even need to be trying what I’m trying.

got user now to try to figure out shell.

Type your comment> @Enlil said:

Взял рут, если нужны подсказки обращайтесь.
Rooted

подсказки, пожалуйста.
(probably wrong, but i only took1 year русский)

Type your comment> @djbrains said:

Type your comment> @Enlil said:

Взял рут, если нужны подсказки обращайтесь.
Rooted

подсказки, пожалуйста.
(probably wrong, but i only took1 year русский)

ahahahhah its correct!

Type your comment> @BrunoSardine said:

Anyone willing to give me a nudge towards user? I have an account and a cracked hash but I’m not sure where to go next. I’ve been trying like 2 different methods using these credentials but I’m honestly not sure whether or not I even need to be trying what I’m trying.

RM THE EVIL

i obtain users list with kerberos_enumusers but i cannot discover hash for crack and access to machine.
can you help?

Hi! I already got root but I really want to try it with privex…py as well! If anyone got it that way as well please message me

hey guys, struck with root. already found the path via dogs what I should do escalate to get the root. but dunno how to do it? any hints please. Thanks

whew, what an experience on tnhis box. Learned a ton of some windows skills! Thnx to @Chantal2019 , @GibParadox and @jpredo for assistance along the way. Have a great weekend all!

got a username and password . Whats next

:slight_smile:

Finally got root! Thanks for the help @n4v1n @rholas and @bipolarmorgan ! This was a really fun box and I learned a lot!

Really nice machine that learned lots from, thanks @egre55 & @mrb3n .

Took me a few days as I have zero experience of AD environments (I’ve been hiding in the world of Linux for far too long :)). But there are easily enough hints in the first few pages of this forum to struggle through along with the copious reading material online about AD and Kerberos (although good understanding of the latter is not really needed but is a nice to have).

Just as a small aside, its always the “easy” boxes that are hard! But, to be fair I can understand why it was marked as an easy as its just running standard scripts - nonetheless it did highlight fundamental gaps in my knowledge.