Forest


Comments

  • @bumika said:

    @7h3B4dg3r said:

    @bumika said:

    @7h3B4dg3r said:

    @bumika said:

    @7h3B4dg3r said:

    Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and log in with that user or can I use remote tools to get what I need?
    Because I found an interesting privesc method, but I need to log in to use it and I can't find a way to do it. It could be useful to know if I'm losing time or not.

    I used both of them. Using remote tool was the last step.

    Just to be clear: you managed to log in with a user you created on the domain, right? Not just the user needed for the initial foothold.
    Thanks.

    Absolutely.

    I managed to log in with that user (shame on me), and I gave it (what I think are) the right permissions to do the trick, but I get an "ERROR_DS_DRA_BAD_DN" error...
    Is there something wrong with the permissions or is it something else?

    Send me a PM.

    Never mind, I solved it.
    Thanks anyway. :)

  • A little help to switch from my new user to s*******n?

  • Awesome box. I'm super weak on windows privesc and I learned a ton about AD, powershell, and windows domains from this box.

  • Spoiler Removed

  • Am new to windows boxes, have tried running enum4linux and obtained some users but can't seem to find any creds. Have also tried the recommended impacket scripts but just get these errors: "Kerberos SessionError: KDC_ERR_WRONG_REALM(Reserved for future use)"

    Any help on getting initial foothold would be appreciated (: Thanks!

    hackerB31

  • @hackerB31 said:
    > Am new to windows boxes, have tried running enum4linux and obtained some users but can't seem to find any creds. Have also tried the recommended impacket scripts but just get these errors: "Kerberos SessionError: KDC_ERR_WRONG_REALM(Reserved for future use)"
    >
    > Any help on getting initial foothold would be appreciated (: Thanks!

    If you are using an IP, maybe there is something you can do to use a name instead
  • edited November 2019

    I'm totally stuck at root.... I was able to walk the dog and create a user with the evil thing using Po***Vi** but I can't log in with that user. Can someone give me a nudge?

  • @MichiS97 said:

    I'm totally stuck at root.... I was able to walk the dog and create a user with the evil thing using Po***Vi** but I can't log in with that user. Can someone give me a nudge?

    It's a matter of belonging to the right group.

  • Guys I'm stuck.
    Found the dog for remote and was able to query and got some results. However they seem not to be complete as the dog is not able to show me the full path from a to b.
    I also used the p0wnedshell and invoked the dog but it's always telling me it can't write the results although I have full permissions on the folder. Any hints?

  • Hey guys! Need some help.
    When I run the cmd to give me D****c rights using powerview I get the following error:
    Warning: Error granting principal xxxxxxxxxxxxx xxxx 'D****c' on DC=htb,DC=local : Exception calling "CommitChanges" with "0" argument(s): "A constraint violation occurred

    The command to add the ACL seems to be OK, using evil-***rm
    Any ideas?
    Thanks.

  • I'm still stuck with the new user. I'm able to log in, but there's nothing I can do because of the lack of permissions. Neither n***j****y, nor po*****p, nothing has enough permissions to get anything. Any nudge?
  • Got root myself. NVM :)

  • @Nt3c said:
    Hey guys! Need some help.
    When I run the cmd to give me D****c rights using powerview I get the following error:
    Warning: Error granting principal xxxxxxxxxxxxx xxxx 'D****c' on DC=htb,DC=local : Exception calling "CommitChanges" with "0" argument(s): "A constraint violation occurred

    The command to add the ACL seems to be OK, using evil-***rm
    Any ideas?
    Thanks.

    For me powerview didn't do the trick. But I was able to do it with a tool remotely from Linux.

  • @BadRain said:
    I'm still stuck with the new user. I'm able to log in, but there's nothing I can do because of the lack of permissions. Neither n***j****y, nor po*****p, nothing has enough permissions to get anything. Any nudge?

    That didn't work for me either. I used a tool that will do the dog walk remotely.

  • @MactheDice said:

    @hackerB31 said:

    Am new to windows boxes, have tried running enum4linux and obtained some users but can't seem to find any creds. Have also tried the recommended impacket scripts but just get these errors: "Kerberos SessionError: KDC_ERR_WRONG_REALM(Reserved for future use)"

    Any help on getting initial foothold would be appreciated (: Thanks!

    If you are using an IP, maybe there is something you can do to use a name instead

    Thanks @MactheDice, managed to figure out the semantics of using the impacket tool. There's a flag that can also be used if I wanted to use an IP instead of a name

    hackerB31

  • I am stuck on this one with getting a working user. Was able to get the pw for s**-*******o and can see some more info in smb, but trying to move past this I am not finding the right path. G******SPN*.py keeps returning 'No entries found' which has me stuck for that path. I also tried g****T.py which works but does not seem to gain me access anywhere else. A PM nudge would be great, I'm fairly new to all this so I am sure I am just missing something.

  • @7h3B4dg3r said:

    @MichiS97 said:

    I'm totally stuck at root.... I was able to walk the dog and create a user with the evil thing using Po***Vi** but I can't log in with that user. Can someone give me a nudge?

    It's a matter of belonging to the right group.

    I guess my new user would have to belong to the Se****e A******* group. No idea how to add the user to that group though. I tried it with Add-DomainGroupMember but I get an error saying Access Denied.

  • @MichiS97 said:
    > @7h3B4dg3r said:
    >
    > (Quote)
    > I guess my new user would have to belong to the Se****e A******* group. No idea how to add the user to that group though. I tried it with Add-DomainGroupMember but I get an error saying Access Denied.

    You need another group. Check the “DA” path, check s**-a*******’s indirect rights and you will find the proper group.

    bumika

  • Finally rooted. However, during the process I kept having the same issues that other people mentioned in that SH.ps1 or SH.exe gave absolutely no output. Unfortunately, I didn't write down how I managed to get it to work. Can anyone help me via PM?

  • Managed to get foothold, thanks @bipolarmorgan and @MrPennybag for the nudge!
  • Any help on this? I used the Dog and know my path but cannot find next steps.

  • @Droctapus said:

    Any help on this? I used the Dog and know my path but cannot find next steps.

    Me too

  • Ahem... where has user.txt gone? Wasn't it supposed to be on .........'s desktop?
  • @BadRain said:

    Ahem... where has user.txt gone? Wasn't it supposed to be on .........'s desktop?

    9/23/2019 2:16 PM 32 user.txt

    still on the server

    windows 7 is my rig :) if it can't be done on windows, i fail.

  • Never mind... two days and I was looking for something... that I already had :S

  • Rooted Machine, thanks to @FlessFish @GetGetGetGet @Just You for opening my mind

  • So I got user and password, but can't really seem to log in anywhere with it, anyone could spare a hint? :)

  • @FailWhale said:

    So I got user and password, but can't really seem to log in anywhere with it, anyone could spare a hint? :)

    There is a service that u can connect to, but you may have to use something evil ;)

  • @contr0melod1c said:
    Rooted Machine, thanks to @FlessFish @GetGetGetGet @Just You for opening my mind

    Did you fully enumerate the box? maybe more than top 1k?

  • When I use the evil method to try to walk my dog - he won't walk
    When I try the remote method I run into L**P connection errors - verbosity isn't helping much with the troubleshooting
    A PM hint would be appreciated

    drdave
