@shakaaa said:
I am really stuck with root on this one. Got the BH onto PS using EW-* but it doesnt give results. Tried remotely but getting heaps of dns errors. Very lost on what to try now
there’s a python thingy for the hound that works
that one puts .localdomain at the end of the domain name for no reason
I am really stuck with root on this one. Got the BH onto PS using EW-* but it doesnt give results. Tried remotely but getting heaps of dns errors. Very lost on what to try now
Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
Because I found an interesting privesc method, but I need to login to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.
Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
Because I found an interesting privesc method, but I need to login to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.
I used both of them. Using remote tool was the last step.
Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
Because I found an interesting privesc method, but I need to login to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.
I used both of them. Using remote tool was the last step.
Just to be clear: you managed to login with a user you created on the domain, right? Not just the user needed for the initial foothold.
Thanks.
Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
Because I found an interesting privesc method, but I need to login to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.
I used both of them. Using remote tool was the last step.
Just to be clear: you managed to login with a user you created on the domain, right? Not just the user needed for the initial foothold.
Thanks.
Hello to everyone.
Im kinda stuck, cause I can’t get output from Sharp or Blood even with specified domain/ldap port/domain controller and over also Ive tried exec bypass, with no results.
What should I use instead of Evil and any advice will ve apreciatable; thx
I could use some help. I’m having difficulty finding the hash for the users that I was able to retrieved. I’ve tried every single tool in the Im*****t arsenal but no luck and the earlier posts are not clicking with me. if someone could shoot me a pm to get me back on track that would be greatly appreciated.
Rooted after many days messing around with lots of different tools and scripts. So much wouldnt work ‘out of the box’ and I had to get some sanity checks to make sure I was on the right path as the way I ended up rooting it failed many, many times previously. Learned a lot so its great in that way but in no way is this an easy box, at least not compared to the other easy boxes.
finally got root, took me an entire week trying useless things and making small mistakes. this box frustrated me so much that it feels better than orgasm to beat it. feel free to pm for hints/nudges