Forest

Hello to everyone.
Im kinda stuck, cause I can’t get output from Sharp or Blood even with specified domain/ldap port/domain controller and over also Ive tried exec bypass, with no results.
What should I use instead of Evil and any advice will ve apreciatable; thx

EDIT: got root, it was cool but no way easy)

bravo to egre55 & mrb3n

who is redman? i am henk :smiley:

Absolutely stuck with root, help plz :slight_smile: done all recon, got user, got users tgt for user…

got root, looot of thanks to @arale61

Anyone able to give some tips on root :)?

Spoiler Removed

Spoiler Removed

Type your comment> @CLQWN said:

Anyone able to give some tips on root :)?

Explore different groups in the domain and how they are connected to each other :wink:

I could use some help. I’m having difficulty finding the hash for the users that I was able to retrieved. I’ve tried every single tool in the Im*****t arsenal but no luck and the earlier posts are not clicking with me. if someone could shoot me a pm to get me back on track that would be greatly appreciated.

I have found the Impacket scripts but they don’t work. I get:

SessionError: KDC_ERR_PREAUTH_FAILED(Pre-authentication information was invalid)

or

SessionKeyDecryptionError: failed to decrypt session key: ciphertext integrity failure

I have read I need to sync time with the DC, how do I do this?

I’ve already tried ‘rdate -n forest.htb’, which set the time but still the scripts don’t work.

Edit: nevermind, there was a problem with my syntax. Got a hash now ^_^.

Rooted after many days messing around with lots of different tools and scripts. So much wouldnt work ‘out of the box’ and I had to get some sanity checks to make sure I was on the right path as the way I ended up rooting it failed many, many times previously. Learned a lot so its great in that way but in no way is this an easy box, at least not compared to the other easy boxes.

finally got root, took me an entire week trying useless things and making small mistakes. this box frustrated me so much that it feels better than orgasm to beat it. feel free to pm for hints/nudges

edit: nvm

Edit: I am too quick to ask for help, I think I need read up on B*hd for a bit and see how that helps.

PM for nudges.

Rooted and learned a lot about AD environments along the way.

Feel free to PM for hints if needed.

I need help with root please, while collecting data I’m getting error with cert, even if I add switch to ignore it it does not work… any hint?

Update… got it.

Pretty sure I am on the right track after getting User by trying to get one of the B*hd ingestors onto the box but I’m struggling how.

I tried E***-W**** and can upload using that but cannot execute any PS successfully.

Can someone let me know what tool I should be using to upload/execute PS/EXE please?

Fellow Hackers, Just ran into a wall. I"m working with a python script that results in multiple DNS issues. I have all AD Info and played around with my host file. Still hitting a wall. Adjusting all parameters in the tool with diff -gc names diffrent -ns names. Will appreciate a nudge.

Got in with a new user, metasploit can’t create a ticket. any nudge for a better tool?