Sauna

is there someone that is willing to review my impacket command? i dont get any succesfull output, plese PM me

Rooted. Really fun box. I did most things from one tool.

There’s one account that doesn’t do anything, but it got some time from me thinking it had to do something.

User1: OSINT, then think like a company/bank and how their login would be. Requires an authentication protocol knowledge.
User2: Standard enumeration on WIndows machine. Just run your everyday script and it should be clear. Requires Windows OS understanding
Root: Standard AD attack with a few steps. The first ones aren’t that usual, but the last one everyone and their cats are doing it. Basic AD skill is needed.

I need a nudge with this one, can someone PM if they can help ?

Type your comment> @Cratzor said:

I need a nudge with this one, can someone PM if they can help ?

At least put without spoilers what you have enum, and the information you have gathered so far.

Rooted. Nudges in PM :slight_smile:

Rooted the box! Great learning experience for a newbie, looking forward to moving onto the next box. Thanks also go to @FunkyMcBeef and @Noob5RUs for their help too.

Rooted, was a fun box, definitely learned so much about AD with this one, I have little knowledge in that area, thanks @egotisticalSW for this box! And a big shoutout to @M3rlin for the help!

Rooted, is is a funny box, root part is easy.

Rooted the machine. Thanks to @cyberafro, @FunkyMcBeef, @olsv and
@MadBitSec for showing interesting approaches to proceed further.

Overall fun box, didn’t really care for guessing the naming scheme, took too long to get it correct. Need to invest time on how to automate that step. (If someone has a tool share would love to check it out)

Priv-esc was fun, was looking for a box to test this path. Glad I got the chance.

Thanks for the box @egotisticalSW !

got user, i think really informative for for windows beginners like me

next step root :slight_smile:

I want share with to you briefly, some stuff of this box make me crazy, i have no knowledge about this things, but at the end, good box, but tricky box.

Reading the post yoou will find all nudge you want.
I let one only nudge that for me make me crazy:

Root: when you have find juice things back to usual connection tool, you will be able to use in :wink:

Feel free to send a me message

rooted; thanks to the patience of @FunkyMcBeef

Rooted!

c:>hostname & whoami
SAUNA
nt authority\system

IMHO, this is not the easy box.

Stuck on getting the second user. I have f***** user. My windows skill are apparently rusty. Can I get a PM?

for me, very difficult. :frowning:

but, after more time XD

C:\Users\Administrator\Desktop>whoami
nt authority\system

I couldn’t use G****s.py due to SKEW. So, I sycned with target machine. However, I didn’t fix this probelm.

Type your comment> @alicemacs said:

I couldn’t use G****s.py due to SKEW. So, I sycned with target machine. However, I didn’t fix this probelm.

feel free to pm me if you still stuck

rooted yesterday :slight_smile: thanks a lot @noi
pm me for hint if u stuck

finally root

my review:

I haven’t worked with AD for a long time learning a lot again.

first user its a little complex to get but the snake its friendly.

second just need to search for the right tools to get something from server and let the snake make a deserved break.

afther you have the second user some people as i think have used b*********d

i prefer my friend from the first steep, its simple and quickly

for root why dont call your friend again?

in resume the snake have maked all the hard work for me.

thanks to @FunkyMcBeef @c4ph00k