I’ve got plaintext credentials for the service account, but they don’t seem to be valid. Am I overlooking something, or going into a rabbit hole?
Yeah, the username you found isn’t quite right… I think it’s a mistake from the box author personally, but maybe it’s just meant to be an extra little trick. Do some more enum in the normal place you’d find user accounts in this environment and find the correct username.
Lol I noticed that too…I already had the correct one though. Could go either way.
Nice box, especially if you’ve tried another, similar one before. It’s good to practice and that was what Sauna did for me. I could check my writeup and see what has been missing.
Although all seems to have been said:
User: Simple enumeration, think like an admin, guess a bit, bulk processing
Root: More enum, no hounds, just being evil, asking a snake for secrets and not being that faithful with them.
IIRC, there should be another way, something more…direct? Anyhow, if anyone has info on that, I’d appreciate a quick PM with a hint on where to look for info on that.
User: Related to OSINT, one of the protocols in AD, and combinations between them. User2: Basic enumeration on Windows - Privilege Escalation. Root: You can use the doggo to obtain information; it can be local or remote. Along with this, automate the attack with a tool from the doggo as well.
Rooted. Really fun box. I did most things from one tool.
There’s one account that doesn’t do anything, but it got some time from me thinking it had to do something.
User1: OSINT, then think like a company/bank and how their login would be. Requires knowledge of an authentication protocol.
User2: Standard enumeration on a Windows machine. Just run your everyday script and it should be clear. Requires Windows OS understanding.
Root: Standard AD attack with a few steps. The first ones aren’t that usual, but the last one everyone and their cats are doing it. Basic AD skill is needed.
Rooted the box! Great learning experience for a newbie, looking forward to moving onto the next box. Thanks also go to @FunkyMcBeef and @Noob5RUs for their help too.
Rooted, was a fun box, definitely learned so much about AD with this one, I have little knowledge in that area, thanks @egotisticalSW for this box! And a big shoutout to @M3rlin for the help!
Overall fun box, didn’t really care for guessing the naming scheme, took too long to get it correct. Need to invest time on how to automate that step. (If someone has a tool to share, I would love to check it out.)
Priv-esc was fun, was looking for a box to test this path. Glad I got the chance.
I want to share with you briefly: some stuff in this box made me crazy. I have no knowledge about these things, but in the end, a good box, but a tricky box.
Reading the posts you will find all the nudges you want.
I’ll leave only one nudge, for the part that made me crazy:
Root: when you have found juicy things, go back to the usual connection tool, you will be able to use in