Wow,what a ride @VbScrub ,that initial foothold cracked my skull for quite some time but once over it it was smooth sail until the RE step and @cyberafro and @EvilT0r13 helped me cross that bridge.
Looking back at it I can see how the machine was really straightforward and could have potentially been rated easy,I guess that RE changed that rating.A lot of hints in the initial enumeration to complete the whole box honestly,enum enum and more enum!!!
This box just added onto my now extensive experience in AD bro,interacting with the dead was a brand new concept to me completely.
Would anyone be willing to nudge on what to do with the hex info in .r** file? I am out of ideas what else to try. I got r.t user and password, looted through files and have been completely stuck for 2 days since…
Would anyone be willing to nudge on what to do with the hex info in .r** file? I am out of ideas what else to try. I got r.t user and password, looted through files and have been completely stuck for 2 days since…
Google the tool and there are a few articles on how to translate that into a real password. It’s easier on windows but can be done in Linux as far as I am aware.
I don’t normally comment on boxes. This one actually represented the difficulty level in my opinion. As far as how real it is very real if your doing a pentest. Dumping GC and grepping for keywords is very common way of finding interesting things even if your a normal admin doing maintenance.
i have the passwd of r.**son,and vc passwd ,but i can’t login from psexec,wmiexe,winrm…is this mean i don’t have corret auth? or other server i can login i caught not find?
I finally did it.
What a funny machine.
Had lost a lot of time with the first user at the beginning. Here you really need eagle eyes, if you do not know what you are looking for.
So I have also learned something that I should look at additionally.
After that, everything came one by one
For user and root access everything is already here.
rooted finally,
Foothold was easy as long you are not lazy like me and that got me stuck for a while.
root part was quite interesting and tought me something new about AD and user’s permissions. happy to give nudges if required.
I saw many hints for root is talking to the dead. Still wondering what it means
NVM, got what it means
Still need the 3rd user so I can talked to the dead
Edit: got it. rooted
@x00byte said:
Hi so i got root flag first is this an unintended method ?
Yep. Someone probably restored an object they shouldn’t have. Don’t really know why they’d do that as you only gain permissions to do that when you already have root but yeah, reset the box and try again
Well I have to do it again ?
Not necessarily. As @TazWake said, it depends on how you got there.
It is possible to get to root without ever using shell access with the “user” user
Would anyone be willing to nudge on what to do with the hex info in .r** file? I am out of ideas what else to try. I got r.t user and password, looted through files and have been completely stuck for 2 days since…
Google the tool and there are a few articles on how to translate that into a real password. It’s easier on windows but can be done in Linux as far as I am aware.
There are Python scripts that can do it for you. Funnily enough, a colleague needed that script a few weeks ago during an actual engagement :lol:
Hey dear community, i stuck at the RE on the A**** folder. I don’t know how to proceed and how to open the .d** files correctly, can i get some help please?