Sauna

Type your comment> @VbScrub said:

Type your comment> @LaszloNagy said:

I’ve got plaintext credentials for the service account, but they don’t seem to be valid. Am I overlooking something, or going into a rabbithole?

yeah the username you found isn’t quite right… I think its a mistake from the box author personally, but maybe its just meant to be an extra little trick. Do some more enum in the normal place you’d find user accounts in this environment and find the correct username

Lol I noticed that too…I already had the correct one though. Could go either way.

Just rooted!

Nice box, especially if you’ve tried another, similar one before. It’s good to practice and that was what Sauna did for me. I could check my writeup and see what has been missing.

Although all seems to have been said:

User: Simple enumeration, think like an admin, guess a bit, bulk processing :slight_smile:
Root: More enum, no hounds, just being evil, asking a snake for secrets and not being that faithful with them.

IIRC, there should be another way, something more…direct? Anyhow, if anyone has info on that, I’d appreciate a quick PM with a hint on where to look for info on that.

Thanks @egotisticalSW for this nice box :slight_smile:

Type your comment> @sckull said:

Algunas de las pistas que puedo dejar:

User: Relacionado con OSINT, uno de los protocolos en AD y, combinaciones entre si.
User2: Enumeracion basica en Windows - Privilege Escalation.
Root: Puedes utilizar al doggo para obtener informacion, puede ser local o remota. Junto con esto automatizar el ataque tambien con una tool del doggo.

Gracias por los hints

Just rooted this machine. DM if you are stuck.

finally, after almost a week, rooted my first box.
even got john working on a kali @ RPI :smiley:
learned a lot!
Thanks @egotisticalSW !

Got User, working on root!

Finally rooted…
Awesome box (windows machine) to learn a lot about Active Directory, windows registry, Windows PE…

Thanks @egotisticalSW for the fun!

is there someone that is willing to review my impacket command? i dont get any succesfull output, plese PM me

Rooted. Really fun box. I did most things from one tool.

There’s one account that doesn’t do anything, but it got some time from me thinking it had to do something.

User1: OSINT, then think like a company/bank and how their login would be. Requires an authentication protocol knowledge.
User2: Standard enumeration on WIndows machine. Just run your everyday script and it should be clear. Requires Windows OS understanding
Root: Standard AD attack with a few steps. The first ones aren’t that usual, but the last one everyone and their cats are doing it. Basic AD skill is needed.

I need a nudge with this one, can someone PM if they can help ?

Type your comment> @Cratzor said:

I need a nudge with this one, can someone PM if they can help ?

At least put without spoilers what you have enum, and the information you have gathered so far.

Rooted. Nudges in PM :slight_smile:

Rooted the box! Great learning experience for a newbie, looking forward to moving onto the next box. Thanks also go to @FunkyMcBeef and @Noob5RUs for their help too.

Rooted, was a fun box, definitely learned so much about AD with this one, I have little knowledge in that area, thanks @egotisticalSW for this box! And a big shoutout to @M3rlin for the help!

Rooted, is is a funny box, root part is easy.

Rooted the machine. Thanks to @cyberafro, @FunkyMcBeef, @olsv and
@MadBitSec for showing interesting approaches to proceed further.

Overall fun box, didn’t really care for guessing the naming scheme, took too long to get it correct. Need to invest time on how to automate that step. (If someone has a tool share would love to check it out)

Priv-esc was fun, was looking for a box to test this path. Glad I got the chance.

Thanks for the box @egotisticalSW !

got user, i think really informative for for windows beginners like me

next step root :slight_smile:

I want share with to you briefly, some stuff of this box make me crazy, i have no knowledge about this things, but at the end, good box, but tricky box.

Reading the post yoou will find all nudge you want.
I let one only nudge that for me make me crazy:

Root: when you have find juice things back to usual connection tool, you will be able to use in :wink:

Feel free to send a me message

rooted; thanks to the patience of @FunkyMcBeef