Sauna

Hey I am having trouble logging in using evil. Any tips? (User 1)

@VbScrub Just got root, and I could not have done it without your videos! Thanks for that, and now I have a few more tools for windows boxes.

Type your comment> @ShredX said:

Hey I am having trouble logging in using evil. Any tips? (User 1)
i was having trouble but then reset the box at it worked

@hershey said:
@VbScrub Just got root, and I could not have done it without your videos! Thanks for that, and now I have a few more tools for windows boxes.

no problem :slight_smile:

Ive spent a day looking for a way to get foothold. smb turning up no shares, rooting through the website, any nudge for the foothold would be greatly appreciated. any suggestion for tools etc…

WOW that was fun. Just rooted Sauna, thanks @VbScrub for (another) wonderful introduction to Windows!

This is great for teaching Active Directory. These resources here should help everyone immensely. Kerberos (II): How to attack Kerberos? https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf

My hints for all:
User: It’s been said here already, but think like a professional. How would your username look in a corporate setting?
Root: Performing basic Windows enumeration will make you rich with knowledge. After that, enumerate again!

Feel free to pm me if you need any hints or nudges. I’m always happy to help!

Just rooted Sauna, and I want to give a huge shoutout to @AwkwardUnicorn for a nudge in the right direction. Really fun box, did go down a rabbit hole a bit chasing the third user, but learned a lot from the experience. Awesome box

Type your comment> @toledonavy said:

Type your comment> @Rainsec said:

rainsec (RainSec) · GitHub

I made a tool to assist for the foothold, read comments so you aren’t feeling lost :smiley:

your my hero

Glad it helped you !

After reading this entire thread and some help getting the user 1, I have managed to root this box. One thing I thing I must have missed is the permission difference between user 1 and user 2. I ran whoami /all and a dsquery user -samid user | dsget user -memberof -expand but could not see any differences unless I missed something.

@ChefByzen said:
WOW that was fun. Just rooted Sauna, thanks @VbScrub for (another) wonderful introduction to Windows!

I didn’t make this box :slight_smile: just started the thread on it. I do have a windows box being released this weekend though :wink:

any1 got error when trying use something evil ?

is there multiple ways to hack this box? Because I found a driver thingy that might be possible not sure if anyone has taken this route.

rooted, nice box, thanks to the creator.

User Hint : enumerate the website. There is a cewl tool which can help you find your way About here. Once enumerated usernames focus on the three headed dog.

Root Hint : enumerate additional users and info in the registry. Once you have the info you use, look for common AD weaknesses. You don’t necessarily need the password to log in.

Enjoy!

I have f***** and sc*****mr but i have a problem using the pocket tool to get admin creds. When i run the script s****dmp.p i get this error:

[-] RemoteOperations failed: Missing required parameter ‘digestmod’.
[*] Cleaning up…

When i use the GtU.p* script i already had it and it solves executing with usersfile param, but now i dont know what could it be.

Thanks

Edit 1: Solved.
Edit 2: rooted.

rooted finally…thanks to @IAMTH3G33K17 for nudge and @VbScrub @ippsec for youtube video…it really teach me for learning AD. Great box and thanks to @egotisticalSW .

Type your comment> @ope said:

is there multiple ways to hack this box? Because I found a driver thingy that might be possible not sure if anyone has taken this route.

it would be possible if this was a workstation OS, but on a server OS I don’t think its possible. Will send you a PM about it

really good box , learnt a lot, thanks a lot @HomeSen for the user2 nudge, hint for root is Look what you can do with a Powershell Script and Impacket

Just got user.txt :slight_smile: Calling it a night for now. Message me for hints on user and I’ll get back to you tomorrow.

Rooted.
Thanks to

VbScrub, cyberafro

Finally, rooted! Not a fan of the way to user. Root was nice!