Forest

Can someone message me? I have been stuck on root for days and could use a hint in the right direction. I know about the two *oup that I need to be in. I just can’t figure out what final step to get access. Thanks

@mikensen said:

Hey hackers. I uploaded dog through evil ps, but when I try to run .\SpH*d.exe nothing happens… any ideas? ps1 either :confused: thx for any nudge

You can use bloh*-python in order to collect data remotely

Hey guys, stuck on getting user. I managed to get the hash but not sure what to do with it next. I am sure bruteforcing is not the best way. Should I look into this evil little tool everyone is talking about?

Alright, I am currently playing with the dog but somehow the system is not letting me… nothing comes back …any hints?

Trying to get ROOT LOOPZ on this SOB.

Why do I get an error when I try to find secrets?!?

DM assistance please !

someone confirm there are alternate routes please?

Rooted, thanks @VoltK for the help.

tip for root: after finding the path with the dog, consider using someone other than s********o to do what you need to. Makes things a bit easier when there are others on the box.

Ohh, got the user. This was… so many new tools. Next step - root and, possibly, another new tool…

@0daybot said:

Rooted, thanks @VoltK for the help.

tip for root: after finding the path with the dog, consider using someone other than s********o to do what you need to. Makes things a bit easier when there are others on the box.

I strongly recommend that everybody create a new user and support it instead of “promoting” s*********o. If somebody solves the task using the latter method, he/she should reset the machine since that status doesn’t reflect the original conditions and other hackers can solve the task without understanding the original concept.

I’m trying to run I*****-*****n but keep getting null errors? Anybody have a solution for this issue?

Man how the F do you get this box without having to go into windows and use ADE* like… ok got the account… Now what exactly do I do from giving it the Exc**** Privs and then using secdu.py lol like this box is driving me freaking mad. I’m at the final gate and just can’t get this s#$# to work right.

Any help for linux pwning?

Hi,

Need help for root flag !!! I’m pretty sure I have done 95% of the job but I cannot figure out why this sh** doesn’t work.

I have a new user created and granted it “EXCH*** WIND*** PERM***” rights. Then, abuse dacl for this user like suggested by Blood*** in order to have DCSync rights. It seems good but when I want to remotely dcsync with sec***-d***.py this doesn’t work… Any ideas ???

Thanks for your help

I am currently stuck on the part where you need to give a user some permissions. I walked the dog, found the w******** vulnerability and I created a new user that I want to give the replicating permissions to but I am having trouble with this.

Any help is appreciated! Thanks!

Edit: Thanks to @gverre and @sta1ker for the help! Much appreciated! If anyone needs help, feel free to PM me. Lots of little things I was missing.

Root: One hint I can give is be sure you’re authenticating with the right service and you are passing the right arguments.

What a fun ride. I felt like red teaming all along. No amount of hints will help until you do thorough research on your own. It’s a beautiful teaching experience, so make the most of it.

Hints:

User:
Run basic Windows enum tech. One impacket script can help us do a kind of roast which will help us get user.

Root:

Bloodhound + impacket + a lot of research. By no means will it be easy if you have not worked with AD priv esc.

Enjoy. PM for nudges. I can guide you to the right reference material.

Welp, I wasted an entire day because I didn’t check the download from git, downloaded an HTML file saved as sharphound.ps1 LOL, the journey continues

C:\Users\Administrator\Desktop>whoami
htb\administrator

Mad mad mad thank you to LSD4me … days this dude’s been patiently guiding me with nudges.

This box was a freaking beast lol. Wanted to give up but the itch wouldn’t let me and my man never gave up!

Don’t give up, this box has a F ton of things to learn. It’s also sent me on an itch for more knowledge about AD.

Thanks!

Hi, I found users. And now I’m trying to understand Impacket. But right now I don’t know what I should do with this information. Any help would be perfect.

Ge*********.py asking for pass and giving error ??? Any clue how to get through?

I got the user credentials but I’m stuck on root. Tried SH and I couldn’t find any path that would help me.
I’m sure that I’m missing something, but for the first machine I think that I did well getting the user credentials by myself. It’s been 4 days, and I really want the answer.
If someone can PM me with a hint it will be appreciated.

Hi,
I have been stuck on root for a week.
Found the path, added the right D****c using Add-*******L to a new user, remote dumping of secrets doesn’t work !

Can someone PM me,
H.