This is the box that got me to hacker rank, and what a great machine to pwn. Felt (at least to me) to be very realistic. Also managed to get there with minimal peeking at the forum. Just two hints got me to root, 1 was to use impacket for user and the other was to use a certain canine-themed tool. You will need to do some research online, thankfully there are some great articles out there. You need to sift out the ones that start with “so assuming you’ve got a domain user’s credentials somehow…”
My hints:
- User - find an AD enumeration guide that specifically says what you can try when you don’t have any user creds; there are only limited options. https://book.hacktricks.xyz has a great AD methodology section.
- Root - You need to “sniff” out an avenue of attack. Seriously, this tool is the dog’s bollocks. You can run as many “enumeration” and privesc scripts as you want, follow all the windows privesc guides, and you’ll be left with sweet FA.