Okay a bit of newbie here. Was able to pull down 2 user accounts and passwords. Don’t have any idea where to use them tried rpc, smb, etc. I’m actually familiar with SH unfortunately the python version isn’t working, so I’m spinning up a windows box. Anyway, I could really use help here, first time actually spending time in htb. If someone could PM with a hint for tools for user or if I’m completely off there .
User done. Getting to grips with the Windows/AD thing.
EDIT: Got the dog to map the box. Imported data to local dog analytics thing. Marked my owned user and experimented with those “shortest path to x” features. Very nice tool.
@nando740 said:
Added initial pwned user to the “Ex…” group. After relogin, I can confirm, but after a minute or two, that permission vanishes from this user…?
Don’t add that user to anything. Think about it. You’re affecting everyone else attacking this machine at the same time as you. If you grant that account extra permissions, now someone else who gets those creds after that will be starting with extra permissions they shouldn’t have. Create a new user account and do whatever you want with that.
Created a new user, and added “w…e…p” group to him. Can’t use him to login, since its not a service account, and that group permission can’t be added. If I understand correctly, I should use this account to grant additional permissions.
@nando740 nothing to do with being a service account. There is a standard group on modern Windows machines that controls who is allowed to log in remotely with po********
@nando740 nothing to do with being a service account. There is a standard group on modern Windows machines that controls who is allowed to log in remotely with po********
Thanks again. Logged in.
Tools like In****-AC**** and prex*** are failing with a lot of untreated errors. From what I understand, I need two aces in the domain object.
I am quite new to hacking on Windows machines. Got the user so and can login via Em.
I created another user and can login to that via E*******m.
Now I try do change the A*l with the P****S****t method A**-D*************l - sine the dog told me that’s the fastest way. But everytime I try to add righs with A** -D*************l the E********m kinda timeouts and the command does not succeeds.
Looking for a nudge here, I don’t see how this is possible with E01 server being down. I’ve read through countless articles about the E***** group issue and I get
Looking for a nudge here, I don’t see how this is possible with E01 server being down. I’ve read through countless articles about the E***** group issue and I get
Rooted Finally ! My first AD box and the journey was wonderful. Ty @Louff for the nudges and @VbScrub for your videos which helped me learn a lot about AD !
Spent few days on this machine and eventually owned it. Learnt bunch of new things on Windows Active Directory. Overall, this box is one of the closet box to what you will find in the real world. Thanks to @bumika for lots of useful hints and directions.
Feel free to PM me if you get stuck and want some hints !!!
Happy to help
First Windows box rooted!!!
This was a super fun box, thanks to @egre55 & @mrb3n for creating this awesome box, also thanks to @nando740 for helping along the way to get root!