this box was an animal…took me almost 3 weeks to root it. I was a Windows admin about 10 yrs ago so I have some experience with AD but that experience sort of played against me on this one (those ■■■■ graphical AD tools vs command line)!
also interesting to note, for root - some of the ‘old school’ techniques didnt work for me unless I got somewhat loud and sloppy…this one forced me to learn new tools (alp* ) and relearn some concepts.
stuck on running bh. not exactly sure what I’m missing and reading through the comments and the config has got me in a loop I can’t escape and I’m bashing my head. I believe I’m passing all the right params but there is no output. please help
Edit: Finally got the box, what a PITA, but very fun. In the end, it was just me holding myself back.
Been trying to execute BH.exe or .Ps1 but both just fail with out any output. could someone please DM Me. i’m using EW** for shell. going crazy (loving the challenge, but hit a wall and i’m no longer learning) Please DM.
Finally rooted. It was my first root for windows machine and I had 0 knowledge about AD, but with a help of great people I learnt a ton. I highly recommend to watch some videos about AD security and bloodhound.
If you need any help feel free to ask me, because I know how confusing it can be if you’ve never done anything with AD
Rooted. nice box - Big Thanks to the creators (echoing some of the other comments) this felt to be more than an easy box, I’m guessing you need a very very solid understanding of AD for it to be easy.
Having a helluva time with this Machine. I was able to get users, ports and such. But still struggling on a foothold to gain a credential to login. Mostly seem to be having issues on the cmd line part of it right now. Could use a nudge on command help if someone could please DM me
Need a nudge for root. Could someone DM me with a little help.
New to the dog and AD, think I know what I need to do just don’t really know how to go about it. Anything helps! Thanks.
If you on the last step of cracking hash for user account, for sure you need hashc**, but last step for root some impacket scripts accept hash for login.
Thank you for posting this. I almost gave up when I couldn’t crack the hash. This was a good learning experience but man was it rough going through the forest.
Totally new to windows AD here.
I got the permissions suggested by the dog but the kat doesnt work at all any hints? am i on the right track? (im just using the same user but with more permissions)
That’s my first windows box that I really trying to solve, but I have no experience for windows pentest techs at all.
Got user creds, logged in to some services but no luck getting shell, user flag, finding path to proceed.
Please PM me some articles, retired writeups, any materials that can help to understand howto and what can be done here, just have no idea where to start.
Can someone Message me. I have been stuck on root for days and could use a hint in the right direction. I know about the two *oup that i need to be in. I just cant figure out what final step to get access. Thanks