Got user flag in about 15 - 20 minutes but Iāve spent days trying to get root flag with no success. Can someone please PM me with a nudge? I have the network mapped out with bloodhound, just having trouble finding a way to take advantage
Got root, does anyone know why you have to get someone to walk the dog rather then walking it yourself?
Type your comment> @awarkozak said:
@idevilkz said:
+++ You need to make your new user have some special privileges within the domain
+++ for those special privileges you need to have understanding of how Active Directory stores its permissions related data in a context (hint).This is exactly what Iām having trouble with
read up on DCSync rights.You are nearly there
Help badly needed with root. I can create a new user, add him to two groups found by the dog, two others for remote access, but Iām still unable to run I*****-A*****.ps1 and/or m******z.
I think I have to add him to some local group, but Iām unable to make it work.
Hi,
Can someone give me a hint on how to get the users hashes?
Thanks!
isnāt the administrator enough?
Stuck trying to get root. I was happy being evil and I chased the path of the dog which seemed to work until I got to the end and I tried invoking the cat to take a bath but he wont get near the sink.
I thought I was really close but after reading all the comments here I see a lot of folks refer to adding their own accounts to the box but I canāt figure out how they did that. I think my dog was barking up the wrong tree and now Iām completely lost. Any body have any pointers to help me find the right trail?
Big thanks to @idevilkz for helping me out and pointing down the right trial!
Hi, I am stuck as I am not used to AD on windows machinesā¦ Got the user an his pass but am totally unaware what to do with it now!
I would prefer more than a nudge, maybe someone is willing to become my mentor?
Please PM!
I just got this one finally! Really nice to learn some new tools v impressed by the Dog tool particularly. Also surprised how Root took so long even after i figured out what i needed to move forward.
my advice for root is not to bother with all these pre-made auto-pwn scripts/tools out there when trying to gain your āspecial permissionsā because they donāt work from my experience. Once you work out the name of the permission you need you can acquire it yourself with powershell, google will show you how. The bit that really screwed me over was i left off the keyword āAllā Once you get this bit the rest will be easy
i need help on root please i have the admin account, but now i am stuck
nevermind i am an idiot
Guys i donāt get it. I mean is the dog even usefull or does it only show wrong paths?
I donāt see any path to get dsc permissions except over Ex*** Groups, wich didnāt work for me and a lot of people. Stuck
Just finished the box, barely before it retires Very nice box with a steep learning curve for anyone unfamiliar with AD - showed me my shortcomings quite nicely
Huge thanks to @nicolasmira101, @FiRePl4y and @som1 for helping me out.
As always, thanks to the creators @egre55 & @mrb3n !
This box isā¦
First off, the scripts are garbage and DONāT WORK, MK DOES NOT WORK, BH**** Is really bad and only works when you take the time to build it. I also follow the path of the dog and it didnāt work because ITāS OUT OF DATE WITH PV***.**. I took time when Iām not working (and most of the time I have been working) to Google stuff, read articles like the ones in this thread and also watch videos. WTF is going on?
I spent like 10 hours trying to get this root just before machine was going to be retired, but couldnāt get past giving my user replication rights as absolutely nothing was working (Powerview master, Powerview dev, anything you could find in any DCSync article, tried literally everything multiple times, using both Kali and Windows).
I just watched VBScrubās walkthrough and saw him casually paste the same script, hit enter and get the permissions. Then I watched Ippsecās video, where he uses PowerView and it just works somehow.
Oh well.
I realize this box is retired but for whatever dang reason, I cannot get this box to respond. One moment it is up and I can ping it. Other times, it wonāt respond. And this is coming from a VIP connectionā¦ This is really annoying.
@dodosstuff said:
Type your comment> @cipster86 said:Hello boys
could anyone help me, please??
i use nulx and im*t, with Gs.py i get s-*******o and his password.
I have problem with GU*s.py because i have this errors:
āNo entries found!ā Or ā[-] Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)ā
I have change my time, but nothing =(
Thank you for your helpHad this too: Change the time -1 minute behind the server time.
@dodosstuff , Iām a newbie and I get the same problem. Could you give more detail how to solve the problem?
I was frustrated with dog showing a useless esc path too. If you view help on the āedgeā (right-click ā help) it will say something like āPrivilege escalation not guaranteedā. I think the intent is that if you canāt get privilege escalation using that path (which AFAIK you canāt), then you delete the edge (right-click, delete edge) and run the query again. After doing that, I got the dog to show me the path described in all the walkthroughs.
Thank you, @PartyGolbez.
I have still no idea why the dog shows a different (useless) path like in the walkthroughs.
Maybe itās a version issue?
Had to do this trick to show me at least something equivalent.
hey, i am facing the exact same issue - what did you correct in the switches then ? i am not able to spot the mistake