Forest

Hey, can someone help me with the syntax for the dog. I have it on the box but I’m getting errors, I’m 99% sure I’m right and just need to tweak the command a bit

Type your comment> @dog9w23 said:

Hey, can someone help me with the syntax for the dog. I have it on the box but I’m getting errors, I’m 99% sure I’m right and just need to tweak the command a bit

It is important that you use all relevant authentication data. I have experience with the powershell version.

Type your comment> @bumika said:

Type your comment> @dog9w23 said:

Hey, can someone help me with the syntax for the dog. I have it on the box but I’m getting errors, I’m 99% sure I’m right and just need to tweak the command a bit

It is important that you use all relevant authentication data. I have experience with the powershell version.

when I tried using the user and password settings I just got the help page thrown at me or an error saying no such object. it seems to not want to take anything I try to put in (and I’m not using evil)

Type your comment> @dog9w23 said:

Type your comment> @bumika said:

Type your comment> @dog9w23 said:

Hey, can someone help me with the syntax for the dog. I have it on the box but I’m getting errors, I’m 99% sure I’m right and just need to tweak the command a bit

It is important that you use all relevant authentication data. I have experience with the powershell version.

when I tried using the user and password settings I just got the help page thrown at me or an error saying no such object. it seems to not want to take anything I try to put in (and I’m not using evil)

Send me a PM, and I will try to help.

Finally got the dog to walk. But not sure what else to do now. See my path, but dont understand. Dog has tips to use P****-V***, but that does not work. Got a article that has a similar attack?

Just got user. If you don’t know windows, this is going to be a pain (it was for me).

If you’re using impacket scripts, grab the latest from github.

Type your comment> @ciyiw88006 said:

I hgot a shell using Ev*******M and uploaded Sd.ps1 to the document folder of the user and I cant run Ine-B***d after Importing it as module. Any idea why?

I’m having the same problem. I’ve used the bypass methods and it’s still not firing. Been reading for days. Could use some help.

I was able to get a list of user accounts. Stuck on the next steps

Just completed User on this one… finally got to use E…-W…M tool, cool! Of to Admin

Guys can anyone confirm the status of the machine? I have been trying since two days and it is showing as offline, I tried to stop/start restart, etc… nothing!

[EDIT] Nevermind, transferring the machine did the job!

Type your comment> @djbrains said:

finally, cost me over a month, 1 laptop, a desk, my relation but totaly worth it.

USER INFORMATION

User Name SID
================= ============================================
htb\administrator S-1-5-21-3072663084-364016917-1341370565-500
E**-***M PS C:\Users\Administrator\desktop>

this is also a hint, last step can be done without impact.
just lookat wat you used for the user shell

xd

Stuck on getting root. Have the pup running and am able to add to Gr— P— C-- O— group. The dog says I should be able to do a dc sync attack but doesn’t look like that’s working. Also says that I have access to change GPO. Any nudges would be amazing.

Hit me with a PM if help is needed

Thanks to @egre55 and @mrb3n to creating this machine.

I got the system but it was impossible for me without the hints from @madhack . I am using the bloodhound first time and it doesn’t show me anyhting useful or I couldn’t understand. Anyway, root part was very hard for me. It is not an “Easy” level machine.

I’m getting the following with the remote py tool, despite using various parameters and making changes to my hosts file. Obviously I’m missing something, is someone able to discuss by PM?

dns.exception.Timeout: The DNS operation timed out after 3.00170922279 seconds

Hello everyone, I already have the user but I have lost hours with the root if someone could help me.

have a nice day

i have a user and pass but can seem to figure where to go next a nudge would be helpful now.

Can anyone please help about this error ?
KRB_AP_ERR_SKEW(Clock skew too great)
I’m currently using Manjaro distro. I can’t find a way to set the time to match the server and the nmap take such a long time to run.

YES!!! Finally rooted this box. I think I went about it in a long way but I learned a ton. Basically use the user access you have, run the hound, find the misconfig because people have to send mail, use the right tool to exploit that misconfig and give the user account some extra privs, use those privs to find out secrets about other users, …

Like I said, probably the long way. Please PM me if there is an easier way. In anyway, thanks to the creators of this box for a fun learning and obsessing project.

Type your comment> @HeXN0P said:

Can anyone please help about this error ?
KRB_AP_ERR_SKEW(Clock skew too great)
I’m currently using Manjaro distro. I can’t find a way to set the time to match the server and the nmap take such a long time to run.

That means the domain server time and your local time are not equal. You have to set in your computer the same time that has the domain server to get granted for tickets. It’s not necessary to be extremely equal, this “allowed inequality” range between server and client is set by the defualt sysadmin, it can be seconds or minutes depending what was set but better to set your time to the most closest you can to the server time