Multimaster

I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump.

@init5 said:

I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump.

It’s crackable, just not the first thing you see

@clubby789 said:
@init5 said:

I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump.

It’s crackable, just not the first thing you see

I got 17 in total with only 4 being unique, tried rockyou.txt against everything but nothing worked.
I am guessing I’m moving in the wrong direction.

@init5 said:

@clubby789 said:
@init5 said:

I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump.

It’s crackable, just not the first thing you see

I got 17 in total with only 4 being unique, tried rockyou.txt against everything but nothing worked.
I am guessing I’m moving in the wrong direction.

You’re not moving in the wrong direction. Try harder :slight_smile:

cracked hashes… aaaand they aren’t leading anywhere?

@init5 said:

cracked hashes… aaaand they aren’t leading anywhere?

I’m at the same point lol

@idomino said:

@init5 said:

cracked hashes… aaaand they aren’t leading anywhere?

I’m at the same point lol

Try harder :wink:

So if you have the passwords maybe you miss the other part…

I’m trying to ask this as cryptic as I can, please mark it spoiler if too much. So I managed to use a user/pass pair in a service where I was surprised I can only access ****** and can’t access D**********, found new information in ****** that I’m not sure yet how useful it is. Is that the way?

Edit: sorry was an idiot, got the user flag :slight_smile:

Edit2: aaaaand it was decided that the ‘patch’ will reset all progress… not cool.

Spoiler Removed

Ok. I guess I’m missing something…
I have no problem getting a list of users (with 2 methods: kte and web front end) and I don’t see any WAF blocking me. By the way, actually I can’t enumerate the web front end (the WAF thing must be here :)) and… I’m lost.
Can’t get any hash from the users I found (even changing domain etc…) so can’t get any real entry point (nor dictionary, nor dog, nor evil etc…).
So my only question is: should I work harder to scan the web front end or should I work harder with tools like im
t or is there another way I totally missed :slight_smile: ?

Is rockyou supposed to be used for the hash? Tried that with about 10 other dicts and nothing so far

@idomino said:

I’m trying to ask this as cryptic as I can, please mark it spoiler if too much. So I managed to use a user/pass pair in a service where I was surprised I can only access ****** and can’t access D**********, found new information in ****** that I’m not sure yet how useful it is. Is that the way?

Edit: sorry was an idiot, got the user flag :slight_smile:

Edit2: aaaaand it was decided that the ‘patch’ will reset all progress… not cool.

I didn’t find the user reset to be that bad actually… It was almost the exact same thing, you just couldn’t abuse the original tool and wordlist.

Edit: Rooted. Pretty tough box, especially after those user runs. Happily learned quite a bit from this one.

Foothold: Refer to @clubby789 as his comment is spot on here. The bypass isn’t as difficult as you think. Once you know how to bypass the WAF, enumerate away!

User: Your username wordlist may be a bit too short right now… Try harder :smile:

Root: AD is a monster. Send the hounds. Common enumeration/privesc techniques should be enough to get you through this one.

I might be a little bit out of my league here, but found the users along with the homage users, currently trying to exhaust all possibilities for where the hashes are, so far feeling pretty good, not feeling beat down by the box yet… I’ll check in tomorrow to see if I have more gray hairs

Trying to get the needed username. I think I know what to do, but because of the WAF I cannot reuse any code, but instead need to write my own.

This part is really frustrating… If anyone has gotten the needed user to log in the intended way, could you PM me, so I can check if my script is correct?

Nice learning experience so far though. :slight_smile:

Edit: Finally got user!
This was really tough. I liked the part to get user though. Really made me look deep into a lot of things I never really even thought about.

Thanks to @MinatoTW and @egre55 for the painful, but awesome experience so far.

Root must wait till tomorrow… This was really exhausting.

Edit 2: Got root!
Really interesting walk through AD.
However, the box has a bit of a design flaw so that it can easily spoil other users…

Ok got the user the intended way now as well :slight_smile: I’m worried what root will be like, because so far this wasn’t really Insane. Medium/Hard at best depending on your comfort level with certain things.

Are the 403s expected? Really annoying

@gu4r15m0 said:
Are the 403s expected? Really annoying

Yes, it’s part of the game :wink:

Finally got root, really nice machine!

Anyone that owned the machine willing to discuss different approaches to own the entire domain? Please PM me.

Hi, found 17 but not sure if I need to find anything else from there. Took the 17 and pushed to packet but nothing. Any advice?