Sauna

Type your comment> @VbScrub said:

Type your comment> @FatPotato said:

(Quote)
you can’t fix it really. Its a problem on this box for some reason… it just stops accepting connections on that port. Reset it several times and hope for the best :confused: or report it to HTB and hopefully they’ll take it more seriously than when I reported it a while ago

This was what had made me stuck on the box for so long. What’s weird was I couldn’t even see the service running in my scans. Eventually, what had worked for me was changing my server .

I had an absolute heck of a time using the evil one and uploading the peas and carrots. I could not execute, just error after error after error. I couldn’t execute the exe. I really don’t know what I am doing wrong. Oh well. Keep trying. Even tried the full path to the file, still nothing. Try Harder I suppose!

I need a tip for root. Is it normal that the password of user h***** has expired?

Rooted <3

Pm if somebody need’s nudge. Happy to help always :slight_smile:

Type your comment> @misc2342 said:

I need a tip for root. Is it normal that the password of user h***** has expired?

No. Password remains the same it never expires.

Type your comment> @nobyl said:

Type your comment> @kpwn said:

I have creds for 3 User accounts but login only works with one of them.
The account starting with s… has a long PW starting with Mo…
But i cannot login with that account. Is the box stuck?

Possibly. You should be able to connect with that sc account via e**-w***m.

Hello,
I am in the same situation as nobyl. Got s** password but unable to login …
Box was reseted 3 times and I still can’t, is there soemthing I’m missing?

Edit: got shell, had to find logon username for this account.

How the heck do i copy “SomeBloodyInfo” from PS to my kali host?
Been taking a walk into the forest but the steps seem to fail.

Please assist with hints!

Hello, first machine I’m trying, love HTB :wink:

In my case, I am either on a rabithole or close to finish.

se…mps.py got some juicy secrets but ha…at seems to fail using some basic syntax using a very well known rock file. Am I missing something?

Thanks :slight_smile:

That was my first windows box and i pwned it and i learned many new things i didn’t know before!

for the foothold: try to think as an admin, or you can read about how companies refers to employees names in emails.
for user: I really missed chicken roasting! Try to roast something.
for root: winPEAS.exe will help you in basic enumeration then find the wanted AD attack!

If you need help, just DM me and if you already pwned it you can pass-the-flag here [ The walk through of sauna box from HTB. – MagMadiat ] to read my write-up :slight_smile:

Rooted.

I had a really hard time with this box and in the end one method for root worked while another didn’t and I do not really understand why. If anyone wants to PM me with information or answers to my questions it would be great!

Im so bad at Windows…

@zalazalaza

Send me a PM with what you didnt understand and I’ll explain

guys I am stuck. I’ve tried every possible way to login using s**_****** and it’s just not happening. got user flag and used all of hades pet’s tools and im turning up nothing. any help is extremely appreciated. been going all morning on this one

nm, figured it out :wink:

I haven’t figured out the root part yet, I believe I have User 2 creds for s***_r, I’m using the ti***r tool but I’m getting aurgument required errors

Great box! Thank you @egotisticalSW I am not great with AD and I had to learn a lot. But that’s what wea re all here for. Here are my tips:
User: Sometimes you can’t just get the users. Sometimes you have to use OSINT and make a list yourself. Then find a way to check your work.
Root: I found more creds. I used them on a tool to help me dump a bunch of secrets.
Feel free to PM for nudges.

if you’re stuck on user, try the team page and barbecuing all the possible usernames

Type your comment> @dezatino said:

Type your comment> @Ad0n said:

Hey guys is clock skew giving anyone problems ?

the people that you are trying to hangout maybe live in a different country… :wink:

If you are having skewing problems, sync your system time with the DC as the NTP server

Hello, Can someone PM me?
This is my first windows box and I’m stucked.
DId basics network, web and ldap enumeration. I don’t know which protocol must be the vulnerable target… And do want to be on the wrong path!
Thank you in advance

Rooted!

User: Enumerate and Google 4 common ActiveDiretory exploitation techniques.
Root: Take a walk through the Forest. Some key techniques should lead you to the right path.