Forest

Type your comment> @jones7 said:

@shakaaa said:
I am really stuck with root on this one. Got the BH onto PS using EW-* but it doesnt give results. Tried remotely but getting heaps of dns errors. Very lost on what to try now

there’s a python thingy for the hound that works

that one puts .localdomain at the end of the domain name for no reason

Type your comment> @shakaaa said:

I am really stuck with root on this one. Got the BH onto PS using EW-* but it doesnt give results. Tried remotely but getting heaps of dns errors. Very lost on what to try now

I edit my host file to resolve that.

Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
Because I found an interesting privesc method, but I need to login to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.

Type your comment> @7h3B4dg3r said:

Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
Because I found an interesting privesc method, but I need to login to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.

I used both of them. Using remote tool was the last step.

can any one help me on PrivEscl using Powshel script. do i need to use old vrzon of H.exe tool as i alwuz get error

use whatever whatever version you have installed on kali. easier.

Type your comment> @bumika said:

Type your comment> @7h3B4dg3r said:

Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
Because I found an interesting privesc method, but I need to login to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.

I used both of them. Using remote tool was the last step.

Just to be clear: you managed to login with a user you created on the domain, right? Not just the user needed for the initial foothold.
Thanks.

Type your comment> @7h3B4dg3r said:

Type your comment> @bumika said:

Type your comment> @7h3B4dg3r said:

Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and login with that user or can I use remote tools to get what i need?
Because I found an interesting privesc method, but I need to login to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.

I used both of them. Using remote tool was the last step.

Just to be clear: you managed to login with a user you created on the domain, right? Not just the user needed for the initial foothold.
Thanks.

Absolutely.

Hello to everyone.
Im kinda stuck, cause I can’t get output from Sharp or Blood even with specified domain/ldap port/domain controller and over also Ive tried exec bypass, with no results.
What should I use instead of Evil and any advice will ve apreciatable; thx

EDIT: got root, it was cool but no way easy)

bravo to egre55 & mrb3n

who is redman? i am henk :smiley:

Absolutely stuck with root, help plz :slight_smile: done all recon, got user, got users tgt for user…

got root, looot of thanks to @arale61

Anyone able to give some tips on root :)?

Spoiler Removed

Spoiler Removed

Type your comment> @CLQWN said:

Anyone able to give some tips on root :)?

Explore different groups in the domain and how they are connected to each other :wink:

I could use some help. I’m having difficulty finding the hash for the users that I was able to retrieved. I’ve tried every single tool in the Im*****t arsenal but no luck and the earlier posts are not clicking with me. if someone could shoot me a pm to get me back on track that would be greatly appreciated.

I have found the Impacket scripts but they don’t work. I get:

SessionError: KDC_ERR_PREAUTH_FAILED(Pre-authentication information was invalid)

or

SessionKeyDecryptionError: failed to decrypt session key: ciphertext integrity failure

I have read I need to sync time with the DC, how do I do this?

I’ve already tried ‘rdate -n forest.htb’, which set the time but still the scripts don’t work.

Edit: nevermind, there was a problem with my syntax. Got a hash now ^_^.

Rooted after many days messing around with lots of different tools and scripts. So much wouldnt work ‘out of the box’ and I had to get some sanity checks to make sure I was on the right path as the way I ended up rooting it failed many, many times previously. Learned a lot so its great in that way but in no way is this an easy box, at least not compared to the other easy boxes.

finally got root, took me an entire week trying useless things and making small mistakes. this box frustrated me so much that it feels better than orgasm to beat it. feel free to pm for hints/nudges

edit: nvm