Multimaster

Are the 403s expected? really annoying

@gu4r15m0 said:
Are the 403s expected? really annoying

Yes, it’s part of the game :wink:

Finally got root, really nice machine!

Anyone that owned the machine willing to discuss different approaches to own the entire domain? Please PM me.

Hi, found 17 but not sure if need to find anything else from there, took 17 and push to packet but nothing, any advice?

Rooted.

One of the best machine i ever did from now. Thanks to @MinatoTW & @egre55, i learned a bunch of new things.

User hint: Take a look on the principal running services we always use to perform a certains kind of attacks and try a way to breach.

Root hint: Lateral and enum, lateral and enum, lateral and…

Rooted! This was a tough box, but a great learning experience for abusing Windows/Active Directory. Finding the right username for the user part was where I got stuck, but thanks to @idomino for the nudge in the right direction. I learned a new technique. :smiley:

After that, as has been mentioned, it’s just lots of enum and lateral movement. I liked that each lateral movement could serve as a “checkpoint” you could return to pretty easily (in case of resets, fatigue).

I learned a lot and got to put into practice a lot of techniques I’ve mostly read about. Thanks for the great box @MinatoTW and @egre55.

Type your comment> @init5 said:

cracked hashes… aaaand they aren’t leading anywhere?
can you hint how you cracked them I tried everything with the unique ones

EDIT: got user
Edit: Finally got root very thanks to my friend @rootSySdk for his nudges and patience
learned a lot of things thanks to @MinatoTW and @egre55 for this great box

Anyone wanna throw a nudge towards bypassing that WAF? I feel like i’ve tried to tamper with everything.

Rooted! Khm at least got the root flag :slight_smile: Will come back at some point to get a full shell. Insanely fun machine, more of a marathon than a sprint. Thank you @seekorswim and Shusaku for those 2 nudges in the right direction. Great box @MinatoTW and @egre55!

Type your comment> @farbs said:

Validated users and dumped a hash. Onward! :slight_smile:

Edit: Passwords obtained!

Any hint about how to find the hash? Impacket or Web? Or any reading material?

Thanks!

Spoiler Removed

Spoiler Removed

Spoiler Removed

finally rooted!!! All the initial foothold is in this forum… Thanks for the root nudges @PwnAddict

Type your comment> @dinkar said:

finally rooted!!! All the initial foothold is in this forum… Thanks for the root nudges @PwnAddict

Welcome bro!

From https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-identifiers:

The process of replicating changes in one master copy of the account database to all other master copies is called a multimaster operation.

Finally got root , a very long but very interesting way to root
I learned a bunch
Thanks for this box !
pm me for hints

Type your comment> @init5 said:

@clubby789 said:
@init5 said:

I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump. ?

It’s crackable, just not the first thing you see

I got 17 in total with only 4 being unique, tried rockyou.txt against everything but nothing worked.
I am guessing I’m moving in the wrong direction.

Same point, been stuck for hours. A nudge would be welcome :slight_smile:

Type your comment> @syn4ps said:

Type your comment> @init5 said:

@clubby789 said:
@init5 said:

I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump. ?

It’s crackable, just not the first thing you see

I got 17 in total with only 4 being unique, tried rockyou.txt against everything but nothing worked.
I am guessing I’m moving in the wrong direction.

Same point, been stuck for hours. A nudge would be welcome :slight_smile:

Same here :neutral:

I feel stupid, but I just can’t get past the WAF. A nudge would be greatly appreciated