Forest

I finally got user. Tip: get a ticket to the show. hack back in google will guide your path.

i have a list of valid user and I find a way to brute force it using the “dog” but when i run it, it say’s error resolving hostname ‘h**.l****l.’ to an ip address address: No such host is known and Unable to get domain controller address but I already did adding the hostname to the hosts file.Can you give me a help?

got a username and a password with low privilege. I try to do Ker*******ing and to do that I first need to enumerate those juicy Ss so I ran GNs.py with password but found no entries, then I run it again with Ks ticket but gave me the error SessionKeyDecryptionError: failed to decrypt session key: ciphertext integrity failure. Any nudges would be awesome.

stuck on user cannot walk the dog using Evil and Inv-Blo, tried different options but nothing

Edit: got it, and then stuck with bloodhound, a new account and nowhere to put it

Good morning guys, can someone guide or route to the root because I’m missing something pm

thank you very much

rooted, took me ages and I must say learnt a load about AD and windows in the meantime. Was no way an easy box. thanks to Luemmel and acidbat for the nudge.

User hints : enumerate lots to get a list of users and look to use a known weakness in how 90% of ADs are configured to get a user hash. The evil tool will help you once you have these.

Toot hints : elevate from one account and use another to run the dog. It doesn’t run too well locally so look for some other methods. When the dog shows you a path, use the 3 method to take advantage.

Thanks to the creator, a great box and probably the most real life one i have come across.

Type your comment> @Deslight said:

Type your comment> @Omnisec said:

Anybody else getting

Ldap Connection Failure.
Try again with the IgnoreLdapCert option if using SecureLDAP or check your DomainController/LdapPort option ?

Edit:
Switched to from Sharp to Blood and it worked smoothly.

Any idea why this error occurs?

I am having the same exact issue… How did you solve it ?!

Type your comment> @coolZero1473 said:

I finally got user. Tip: get a ticket to the show. hack back in google will guide your path.

Can you give me nudge? I got a ticket but it gives me an error.

@lessloveless said:
Got User: ummm Enum to death! you should find a list of users, an impacket script will be helpful to get the rest if you so doth request it to do so.

Got Root: !!! That was awesome! Basically avoid all the mistakes I did. the evil man can call the dog, just gotta use the right syntax and it will work, from the machine. Once you have what you need and have run the right syntax, you will know where to go.

If you have a problem with the cat, avoid using it entirely. There is an old shell module that helps the evil man properly, uses a small part of the cat to do exactly what you need to do.

Fun box :slight_smile: pret cool

i have the ticket and this error pops up “Kerberos SessionError: KDC_ERR_S_PRINCIPAL_UNKNOWN(Server not found in Kerberos database)” and when i change the target ip to htb.l***l it pops this error “SMB SessionError: STATUS_MORE_PROCESSING_REQUIRED({Still Busy} The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.)”.

This box was amazing, thank you.

THATS MY ERROR:
[Errno Connection error (LOCAL.HTB:88)] [Errno -2] Name or service not known

i tried to change domain to:
forest.htb.local
local.htb
htb

someone? :frowning:

Can someone give me a hand to get the root I have I have the json but I’m missing something some advice thank you very much pm me

@OtzLyGotzLy I have the same error, can anyone help with this?

Type your comment> @Ma1ware said:

@OtzLyGotzLy I have the same error, can anyone help with this?

PM i fix that

This machine being labeled as easy is the biggest lie on HTB.

was using e***-w**** to get initial foothold but now its not working. Could someone DM me on how to use imp****t.

nvm got it

Wasted too much time on root now… Feels like I’m always command away but that command doesn’t work :frowning:
PM me please

Anyone free to help me with root. I understand about how to use the dog, but I feel I have missed a step in progressing.

Tried Pwn.py, P**change.py, nothing works…

I’ve been bashing my head and keyboard a long time in the route for root.

I got the evil to walk to the dog and found a path, been able to create an user, but then I’m stuck. Anybody I can PM for questions?