That’s my first windows box that I really trying to solve, but I have no experience for windows pentest techs at all.
Got user creds, logged in to some services but no luck getting shell, user flag, finding path to proceed.
Please PM me some articles, retired writeups, any materials that can help to understand howto and what can be done here, just have no idea where to start.
Can someone Message me. I have been stuck on root for days and could use a hint in the right direction. I know about the two *oup that i need to be in. I just cant figure out what final step to get access. Thanks
Hey guys, stuck on getting user. I managed to get the hash but not sure what to do with it next. I am sure bruteforcing is not the best way. Should I look into this evil little tool everyone is talking about?
tip for root: after finding the path with the dog, consider using someone other than s********o to do what you need to. Makes things a bit easier when there are others on the box.
tip for root: after finding the path with the dog, consider using someone other than s********o to do what you need to. Makes things a bit easier when there are others on the box.
I strongly recommend for everybody to create a new user and support it instead “promoting” s*********o. If somebody solves the task using latter method, he/she should reset the machine since that status doesn’t reflect the original conditions and other hackers can solve the task without understanding the original concept.
Man how the F do you get this box without having to go into windows and use ADE* like… ok got the account… Now what exactly do I do from giving it the Exc**** Privs and then using secdu.py lol like this box is driving me freaking mad. I’m at the final gate and just can’t get this s#$# to work right.
Need help for root flag !!! I’m pretty sure i have done 95% of the job but I cannot figure why this sh** don’t work.
I have a new user created and granted this with “EXCH*** WIND*** PERM***” rights. Then, abuse dacl for this user like suggested by Blood*** in order to have DCSync rights. It seems good but when i want to remotely dcsync with sec***-d***.py this don’t work…Any ideas ???
I am currently stuck on the part where you need to give a user some permissions. I walked the dog, found the w******** vulnerability and I created a new user that I want to give the replicating permissions to but I am having trouble with this.
Any help is appreciated! Thanks!
Edit: Thanks to @gverre and @sta1ker for the help! Much appreciated! If anyone needs help, feel free to PM me. Lots of little things I was missing.
Root: One hint I can give is be sure you’re authenticating with the right service and you are passing the right arguments.
What a fun ride. I felt like red teaming all along. No amount of hints will help until you do a thorough research on your own. It’s a beautiful teaching experience, so make the most of it.
Hints:
User:
Run basic windows enum tech. One impacket script can help us do a kind of roast which will help us get user.
Root:
Bloodhound + impacket + a lot of research. By no means it will be easy if you have not worked with AD priv esc.
Enjoy. Pm for nudges. I can guide you to the right reference material
Hi, I found users. And now I’am trying to understand Impacket. But right now I don’t know what I should do with this information. Any help would be perfect.