Forest

Sry for duplicate posts, browser sent post request multiple times

First box I ever pen tested. Enum the username. Ripped the hash but not sure I did that right. Anyone able to help over DMs? Not looking for answers.

manage to get user, in my packet get. rip curl smoked the hash.
thanks for help
will appreciate DM hints on root?
I have never trained any dogs.

Hi All.

Ok. I think this one has beaten me. White flag raised.

I used the greek dog to get the scv* credential and I can get in using something evil. I’ve used the Hound to look at possible paths, but all appear to be dead ends.

Watched a good number of videos and learned a good number of new skills, but after days of work with no movement, I’m burnt out at this stage. I think I must be missing something fundamental. You don’t know what you don’t know, right?

I’m off to walk the real life dog and get some air. Maybe something will come to mind. In the meantime, any pointers would be good. Please PM me for Respect.

Thanks in advance!

Edit - Turns out I wasn’t missing any knowledge. Turns out the remote py data collector (hint) does not collect all the data needed to show a path.

Hey guys,

I have transferred and imported the sharp doggy script through some evil proto session, but when I am trying to invoke it no output is generated and also no file. Please help guys.

Edit: I have got it. I have used a .py version.

Finally rooted this box! Good lord, only took me a little over a week. Thanks to the creators for making this; I learned a lot more about attacking AD than I thought I would! Also thanks to everyone here in the forums for all of your tips and guidance. Couldn’t have done it without you!

Struggled with this box for roughly a month and finally rooted today thanks to the help I received. Great box to the creators.

Needing some help with root, someone PM please. Got my simple python server setup and sharphound ported over… I run it, it doesn’t error out. But creates nothing and when I invoke bloodhound, again it doesn’t error out, but does nothing.

I have cracked the service account credentials, but no idea how to get the user shell. Please PM me for hints, thanks a lot

Finally rooted last night. Thanks to @j9allmarine17 for the help. I was on my way there but timing was key along with missing some key parts when running some of the tools needed to get to where I needed to be.

For anyone still trying, keep in mind that some tools need essential information to run or simply run properly. Also, when working with ‘the dog’ timing is key along with working with a ‘directory’ structure.

Finally rooted this box.
Thanks to @royc3r, @episteme and @3zculprit for all the help!

If you know AD stuff, it’s probably easy. If you know next to nothing about AD, like me, you will get to learn some ■■■■ and no longer be “Jon Snow”.

Probably will also learn a couple of new tools!
Keep trying harder!

Hi All.

I have a very specific problem, but I don’t want to give anything away, so I’ll try and stick to what others have already outlined here.

I am at the stage where you add a user to a certain group and then scan the AD using a certain ingestor.

However, no matter which local version I use, they all fail. No output and no error message. I used a remote py version which does collect the data and I can throw this data into the Hound but now I see a new problem.

After adding the user to the group, I still don’t see an available attack path, which leads me to believe my ingestor is maybe not reading the domain entirely.

If I am correct, then adding the user to the group should give it potential access to some new security rights and this should show up in the Hound after a rescan?

Sorry… trying to be vague. I hope some of you guys get what I’m trying to say here lol

Any help would be greatly appreciated at this point.

Cheers!

Edit - Turns out I wasn’t missing any knowledge. Turns out the remote py data collector (hint) does not collect all the data needed to show a path.

Still could use some help… Really not sure how to get my user added to the group everyone is talking about. net localgroup does not work. I also cannot run PowerView so I cannot run any PowerShell commands via my WinRM shell. Pretty stuck here. 0 experience with PowerShell here.

Rooted. My head is blown after this challenge. As everybody else said: I learned a lot.

I’ve been trying for days to get root.

Here go my hints: don’t overthink too much. Don’t try to complicate things.
The dog is important to tell you where you are and that’s all. From there you should Google to know what is missing for you. Try to do it RIGHT.
Once you get it, as I said, don’t complicate things.

Well I need a hint getting root. I can add user to the 2 Ex groups, but cannot seem to get the DCS right added properly. I am not actually sure which Domain Object I should add it to. Because the right is not added, getting secrets fails.

Am I on the right track?
Thanks

Blimmin heck, that was a learning curve and a half.

Finally nailed root.

Definitely burnt some hours on this one but dang it feels good once I got there.

Thanks to @jenco for the help.

Would be keen to discuss my methodology to see what else I can learn.

@Uglymike said:

On the final stages, but am having trouble firing up sec*****ump.py. I keep getting:
DRSR SessionError: code: 0x20f7 - ERROR_DS_DRA_BAD_DN - The distinguished name specified for this replication operation is invalid.

Edit: Nevermind. It was me.

I’ve the same error, can someone help me?

I got the “dogs way graphs”, but not sure what to do next. Any hints pls, I’m stuck for a few days here -_- thx
