Forest

May I ask for a nudge or hint? I don’t know if the tool I’m using is working, because every time I issue a command there is no output showing whether it was successfully executed. I don’t even know if it’s working or not. Maybe you can give me some guidance on what it will display when the commands are issued, whether they succeed or not?

Need a little assistance… Got user. Onto root. Was able to create a new user, ran SH.exe from a Windows VM, added the new user to “Ee Td Sm & Ee Ws P***s” groups.

I’ve read on using D****.exe or P****v**w.ps1 but can someone give me some pointers… thanks,

I need a nudge for finding user creds. I have a list of users and I know how to log in once I get the creds, but I just can’t find any hashes or passwords for the users.

Apparently, all the impacket scripts I tried need valid creds first to run properly…

Please PM me …

Thanks to the creator of the machine. The user part is quite simple, but root is somewhat more complicated; it is just a matter of having real information and you make it easy. Greetings.

Can someone give me a hint? I was able to own the user. After that I took the dog out to chain some things up. Then I was able to dump a whole lot of secrets. But the one I hoped for wasn’t there. I don’t know where to go from here.

Forget that. I forgot I didn’t need to do something else with the dump.

@inertia said:

I need a nudge for finding user creds. I have a list of users and I know how to log in once I get the creds, but I just can’t find any hashes or passwords for the users.

Apparently, all the impacket scripts I tried need valid creds first to run properly…

Please PM me …

Not all the scripts. There’s one that will do the job.

This box was an animal… took me almost 3 weeks to root it. I was a Windows admin about 10 yrs ago so I have some experience with AD, but that experience sort of played against me on this one (those ■■■■ graphical AD tools vs command line)!

Also interesting to note, for root: some of the ‘old school’ techniques didn’t work for me unless I got somewhat loud and sloppy… this one forced me to learn new tools (alp*) and relearn some concepts.

PM me if you need help

HINTS

User
System allows anonymous enumeration
Look for weak Kerberos settings

Root
“Sniff” out DACL weakness
Use impacket to expose secrets

Stuck on running bh. Not exactly sure what I’m missing, and reading through the comments and the config has got me in a loop I can’t escape and I’m bashing my head. I believe I’m passing all the right params but there is no output. Please help :slight_smile:

Edit: Finally got the box, what a PITA, but very fun. In the end, it was just me holding myself back.

hello
can someone help me in walking the dog with the snake?

Been trying to execute BH.exe or .ps1 but both just fail without any output. Could someone please DM me? I’m using EW** for shell. Going crazy (loving the challenge, but hit a wall and I’m no longer learning). Please DM.

Finally rooted. It was my first root for a Windows machine and I had 0 knowledge about AD, but with the help of great people I learnt a ton. I highly recommend watching some videos about AD security and BloodHound.
If you need any help feel free to ask me, because I know how confusing it can be if you’ve never done anything with AD.

Whew, finally rooted - what a fight this one was! Thanks @VoltK

Rooted. Nice box. Big thanks to the creators. Echoing some of the other comments, this felt to be more than an easy box; I’m guessing you need a very, very solid understanding of AD for it to be easy.

Thanks to nav1n and cassn94 for their help!!

Having a helluva time with this machine. I was able to get users, ports and such, but I’m still struggling on a foothold to gain a credential to log in. Mostly seem to be having issues on the cmd line part of it right now. Could use a nudge on command help if someone could please DM me.

Need a nudge for root. Could someone DM me with a little help.
New to the dog and AD, think I know what I need to do just don’t really know how to go about it. Anything helps! Thanks.

** edit ** whoops lol

@Icyb3r said:

@xcabal said:

I am at the last step but I cannot crack the hash :cry:

If you are on the last step of cracking the hash for the user account, for sure you need hashc**, but for the last step for root, some impacket scripts accept a hash for login.

Thank you for posting this. I almost gave up when I couldn’t crack the hash. This was a good learning experience but man was it rough going through the forest.

Finally the root.