Monteverde

Spoiler Removed

Finally rooted!
After being stuck on the root part for hours @VbScrub and @COLLECT helped me out. ■■■■ i will always be a ScriptKidde :tired_face:
I will definitely do some more research on this A**** topic.

As always Feel Free to pm for hints :smile:

Just finished this one, for me the worst part was the first pair of credentials, the guessing name is not really my thing, but felt stupid once i realized that the pwd was, doh!

Don’t overcomplicate things, everything is right in front of you!

For root, like everybody mentioned, there’s a few POC’s on the wild for you to use.

Feel free to ping me for hints!

cheers @egre55 for this cool box!

Can someone PM / give me a nudge on root? Been googling for hours.

Got root, i must thank @tekkenpc for hint!

User: as said, Try to think about lazy users and lazy admins. It’s litterally under your nose.

Root: search for something interesting. When you got, try to google it.
If you got some problem, try to read slowly: you miss something.

Not hard at all, just take your time.

@egre55 nice work, very useful box!

Type your comment> @Pierl666 said:

Got root, i must thank @tekkenpc for hint!

User: as said, Try to think about lazy users and lazy admins. It’s litterally under your nose.

Root: search for something interesting. When you got, try to google it.
If you got some problem, try to read slowly: you miss something.

Not hard at all, just take your time.

@egre55 nice work, very useful box!

Awesome! Glad you got it!

Just root. Worth spending some time on youtube for root. It leads you to learn.

I really liked this box, found it way easier than e.g. Nest…

My only advise here is to be patient, read the forum, check everything as someone said it earlier : Everything is in front of you :slight_smile:

Ping me if you’re stuck.

Thanks to the creator.

Good luck!

finally rooted! i also have a write up for this box here:

Finally rooted :slight_smile:

Foothold: exchange of fire between found users and dummy passwords. You can do it manually, or using gigantic water-snake-like three-head monster ,or manually (time-consuming). Use the combination found and dance in Brazilian style.

User: enumeration, enumeration, and … intense blue mineral lapis lazuli shines file (not difficult to notice). When found use profoundly immoral tool.

Root: a nightmare for me. TRY HARDER - always helps, but you need to look for tips when head blows up → BIG THANKS @VbScrub for heads-up. pointing where look for solution.

I hope not too much spoiler. My First review :slight_smile:

Got user. Learned another tool.

Now write some notes and on to root :lol:

phew! Finally. Breathing a big sigh of relief after what was probably too many hours on this. Was definitely familiar with Azure AD Sync from an ops standpoint, but now am a lot more familiar with it from an infosec standpoint.

A few pointers that hopefully may help:

Fingerprinting: Don’t just blindly use the tool set. Look at your tools, and pay attention to all of the options they provide. There’s a reason why those options exist. Play around.

User: all been said before, enumerate and look at what you have access to… you’ll find what you need.

Root: may be tricky for new comers to Windows/AD. Enumerate your groups, and Google for what you haven’t seen before. You may find some code / script. If you hit a wall, make sure to check out the blog by @VbScrub.

Happy hacking!

Rooted.

The thing to exploit was apparent. Find the right articles/videos to get the info to the final attack is the challenge.

got user :blush:
next step root :wink:

feel free to pm me for any hint to get user :smiley:

Very nice box! Thanks egre55 for creating that. I love boxes, where it is not only about looking for nitty gritty details, but learn a lot about the environment, especially if that is so broadly used in nowadays businesses.

PM for help

just rooted, this was fun, PMs are welcomed for hints

rooted yesterday at night :slight_smile:
thx for this machine

pm me for hint if u get stuck

Thanks to @VbScrub .I am very grateful for your excellent tips.

Can I get a little nudge please? I have the foothold, found A**** and found the POC ps1 for it but I can’t get it to work. I have an idea that I need to change a certain string in it but I’m stuck there.

Little hint for root?
I have no understanding on how A**** works, any article on what I have to understand first to exploit this service?
Thanks.

Edit: Rooted, thanks to @kiaora for helping me out.