can anyone nudge me on user. I have 6 users one password for one of the users but not sure where to go with it. have been playing with smb but getting no joy. Please send me a message if you can nudge
Hi, did you got password using bruteforce or there is another smart way?
To work with this box do you use only linux or it is better switch to windows? I also found users but for the moment Forest is a good name for this machine. I am exploring each tree but for the moment with no results.
Most of the nudges you need can be found in this thread. No brute force needed.
I say “most”, because @whammy helped me realise I needed to use the Imp… version of a particular tool to dump out the secretsauce, not the one installed in /usr/bin. Thanks again, Whammy.
Most of the nudges you need can be found in this thread. No brute force needed.
I say “most”, because @whammy helped me realise I needed to use the Imp… version of a particular tool to dump out the secretsauce, not the one installed in /usr/bin. Thanks again, Whammy.
Cannot Import the P--w--rUp module in the PS over the evil door.
Anyone can import it successfully for executing the Add-D--m--in--bjectA--l
to change something on the Forest?
Rooted, thanks to @DarioTwitta for the important hint, @steps0x29a and @vxa7d to give me the help.
User really simple.
Truly speaking i was in a black hole for root, without an help, especially to understand why what used by others for me was not working, I think that i could spend a lot of days to solve.
Interesting box about the vulnerability and how to abuse it.
Could someone give me a nudge on root? Running Kali & have user shell, let the hounds run, can create domain accounts & assign them to various groups. Stuck on the d**l part I think.
@g3ph4z From the error message I’d say you’re specifying the wrong domain name with s******.py but send me a PM with the exact command you’re running and I’ll see if I can spot anything else
Guys im having a hard time cracking the password so i get the kerb**s hash for sv*-a**** and im trying to crack it and johnny boy takes more than a day and doesnt find the password, what am i doing wrong? was this a loophole? any hints please anyone
HOLY mackerel, that root was harder than my parents divorce. HUGE shoutout to @acidbat and @GibParadox for the help.
User: enumeration is key. Nothing fancy.
Root: the dog helps you see the path, you just have to research how to exploit it. I couldn’t do it with a supplied user - had to create my own and go from there. The cat will take you the rest of the way.
This is the box that got me to hacker rank, and what a great machine to pwn. Felt (at least to me) to be very realistic. Also managed to get there with minimal peeking at the forum. Just two hints got me to root, 1 was to use impacket for user and the other was to use a certain canine-themed tool. You will need to do some research online, thankfully there are some great articles out there. You need to sift out the ones that start with “so assuming you’ve got a domain user’s credentials somehow…”
My hints:
User - find an AD enumeration guide that specifically says what you can try when you don’t have any user creds; there are only limited options. https://book.hacktricks.xyz has a great AD methodology section.
Root - You need to “sniff” out an avenue of attack. Seriously, this tool is the dog’s bollocks. You can run as many “enumeration” and privesc scripts as you want, follow all the windows privesc guides, and you’ll be left with sweet FA.
So I managed to get User by using evil but am curious if it can be done using im******'s ps****.py script. I have been messing around with it for a couple days and am sure I am just getting the syntax wrong. Can anyone help me with the syntax?
Hello guys, how are you doing?!
yeah, i kinda have a problem, so yesterday i tried to enum the machine like I use to do and i got users and I br*** them to the password and i actually got it, didn´t think that I would get it by doing that at all because almost every box we don´t need to do it, but yeah. SO the problem is: With that password i tried to do the rest of the enum and it worked but today i tried to do the exact same thing with the exact same code and it get a auth error, and i tried to br*** again and the password is not the same and it doesn´t give me a password at all.
I tried to reset the machine and its the same, so did someone change the passwords yesterday or what happen??