Forest

1141517192039

Comments

  • Finally rooted it.
    It's 15 years since my last pwn but honestly I never thought I became so "rusted".
    Anyway this box is not such a piece of cake even if you chewed AD before. I cant imagin how overwhelming may be for those who never faced it.
    thanks @blay for nudges on going ahead

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • edited November 2019

    Is W*******L the path to root?

  • edited November 2019

    Hi, I Got the map and found a path(maybe) but I have no idea for next step for root. Some nudge

    Hack The Box

  • Finally rooted! 1 week studying stuff for be able to pwn this machine but in the end worth it

    Thanks for the nudges @wwingcomm @Chobin73 @MrPennybag without their help probably 2/4 weeks to root this machine xD

    Any help that you need ping me

    TigaxMT

  • edited November 2019

    I hgot a shell using Ev*******M and uploaded S********d.ps1 to the document folder of the user and I cant run In***e-B********d after Importing it as module. Any idea why?

  • Hi, I got the data into the dog but I just don't know what am I supposed to look at, I know the basics of AD so this is a bit overwhelming. A nudge would be very appreciated.

  • Little nudge for everyone: google has really all the answers you need, and the dog can really help you pose the right question. As stated before, the AD is somehow a true beast to deal with, but nothing has been really overturned on it's core functioning since Win2k.

    echo start dumb.bat > dumb.bat && dumb.bat
    doh!

  • I keep running into an error using s*****d*.py. I have moved s-a****** into the E***** W***** P****** group as well.

    Please PM me with suggestion!

  • hi guys, when i tried to use ACL***.py. I always get a "No Path Found". My dog is running though.

  • Can you just please stop resetting the machine ? It keep resetting like every 30 minutes... STOP IT really...

    If you don't succeed for what you do then something is wrong but it's not the machine itself.

    I tried like 20 times yesterday, it's really annoying...

  • Finally got root. FINALLY. pm is you want a nudge.

  • Rooted! very hard for me, but learning a lot.

    Thanks @wwingcomm for for all the hits and @chm0dx for the introduction.

  • Type your comment> @Andres7ll said:

    Rooted! very hard for me, but learning a lot.

    Thanks @wwingcomm for for all the hits and @chm0dx for the introduction.

    I am still trying to root it after 3 days....
    Now it seems the box is down.

  • While I did get root, I'm going back and still struggling to figure out why S----H----.* cannot or does not work via e--l-w---m. Is b---------.py, with opts to get more than the default, the only means to get that data to map out the way? It ended up not being particularly helpful, so a bit confused why often urged in this thread. Something is not clicking for me.

  • edited November 2019

    After enumerating for 2 hours, I realised I already had the user flag and hadn't noticed. I'm currently stuck in a rabbit hole I think, trying an exploit which seems to be the one but I can't get into the port I need.

    Edit: Rooted, fun box.

    User: Find the right tool, get your hashes
    Root: Take the dog for a walk, but you might find something that will do the whole job for you. Once you find the treasure, pass it on.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • After a lot of trouble, I'm finally pwned this machine !! Pretty hard but i've learn a lot :D

    PM if you want some help ;)

  • edited November 2019
  • Hey, can someone help me with the syntax for the dog. I have it on the box but I'm getting errors, I'm 99% sure I'm right and just need to tweak the command a bit

  • Type your comment> @dog9w23 said:

    Hey, can someone help me with the syntax for the dog. I have it on the box but I'm getting errors, I'm 99% sure I'm right and just need to tweak the command a bit

    It is important that you use all relevant authentication data. I have experience with the powershell version.

    bumika

  • Type your comment> @bumika said:

    Type your comment> @dog9w23 said:

    Hey, can someone help me with the syntax for the dog. I have it on the box but I'm getting errors, I'm 99% sure I'm right and just need to tweak the command a bit

    It is important that you use all relevant authentication data. I have experience with the powershell version.

    when I tried using the user and password settings I just got the help page thrown at me or an error saying no such object. it seems to not want to take anything I try to put in (and I'm not using evil)

  • Type your comment> @dog9w23 said:

    Type your comment> @bumika said:

    Type your comment> @dog9w23 said:

    Hey, can someone help me with the syntax for the dog. I have it on the box but I'm getting errors, I'm 99% sure I'm right and just need to tweak the command a bit

    It is important that you use all relevant authentication data. I have experience with the powershell version.

    when I tried using the user and password settings I just got the help page thrown at me or an error saying no such object. it seems to not want to take anything I try to put in (and I'm not using evil)

    Send me a PM, and I will try to help.

    bumika

  • Finally got the dog to walk. But not sure what else to do now. See my path, but dont understand. Dog has tips to use P****-V***, but that does not work. Got a article that has a similar attack?

  • Just got user. If you don't know windows, this is going to be a pain (it was for me).

    If you're using impacket scripts, grab the latest from github.

    SIG

  • Type your comment> @ciyiw88006 said:
    > I hgot a shell using Ev*******M and uploaded S********d.ps1 to the document folder of the user and I cant run In***e-B********d after Importing it as module. Any idea why?

    I'm having the same problem. I've used the bypass methods and it's still not firing. Been reading for days. Could use some help.

    Arrexel

  • I was able to get a list of user accounts. Stuck on the next steps

  • Just completed User on this one... finally got to use E...-W...M tool, cool! Of to Admin

  • edited December 2019

    Guys can anyone confirm the status of the machine? I have been trying since two days and it is showing as offline, I tried to stop/start restart, etc... nothing!

    [EDIT] Nevermind, transferring the machine did the job!

  • Type your comment> @djbrains said:

    finally, cost me over a month, 1 laptop, a desk, my relation but totaly worth it.

    USER INFORMATION

    User Name SID
    ================= ============================================
    htb\administrator S-1-5-21-3072663084-364016917-1341370565-500
    E***-****M PS C:\Users\Administrator\desktop>

    this is also a hint, last step can be done without impact.
    just lookat wat you used for the user shell

    xd

  • Stuck on getting root. Have the pup running and am able to add to Gr--- P--- C-- O--- group. The dog says I should be able to do a dc sync attack but doesn't look like that's working. Also says that I have access to change GPO. Any nudges would be amazing.

  • Hit me with a PM if help is needed

    Best regards Luemmel

    OSCP
    Luemmel

Sign In to comment.