Forest

HTB Content Machines
983

I’ve been trying to get root for a couple of days now when I had a chance.
I got really stuck, I now the path to the exchange so I can take the dump, but it’s not working. I’m doing the user changes manually so I can use the python tool, but maybe there are too much people changing the user with scripts?

Or maybe I’m not doing the permissions right?

Please help! PM me, maybe?

This should be pretty simple.

EDIT: Rooted!!

*Evil-ToOl* PS C:\Users\Administrator\Desktop> whoami /Groups

GROUP INFORMATION -----------------

Group Name Type SID Attributes
========================================== ================ ============================================= ===============================================================
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
BUILTIN\Pre-Windows 2000 Compatible Access Alias S-1-5-32-554 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NETWORK Well-known group S-1-5-2 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
HTB\Group Policy Creator Owners Group S-1-5-21-3072663084-364016917-1341370565-520 Mandatory group, Enabled by default, Enabled group
HTB\Domain Admins Group S-1-5-21-3072663084-364016917-1341370565-512 Mandatory group, Enabled by default, Enabled group
HTB\Enterprise Admins Group S-1-5-21-3072663084-364016917-1341370565-519 Mandatory group, Enabled by default, Enabled group
HTB\Organization Management Group S-1-5-21-3072663084-364016917-1341370565-1104 Mandatory group, Enabled by default, Enabled group
HTB\Schema Admins Group S-1-5-21-3072663084-364016917-1341370565-518 Mandatory group, Enabled by default, Enabled group
~HTB\Denied RODC Password Replication Group Alias S-1-5-21-3072663084-364016917-1341370565-572 Mandatory group, Enabled by default, Enabled group, Local Group~
NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group
Mandatory Label\High Mandatory Level Label S-1-16-12288

Thanks @VbScrub to pointing out my mistake, @trab3nd0 to confirm my thinking