Sauna

Great box! Thank you @egotisticalSW I am not great with AD and I had to learn a lot. But that’s what wea re all here for. Here are my tips:
User: Sometimes you can’t just get the users. Sometimes you have to use OSINT and make a list yourself. Then find a way to check your work.
Root: I found more creds. I used them on a tool to help me dump a bunch of secrets.
Feel free to PM for nudges.

if you’re stuck on user, try the team page and barbecuing all the possible usernames

Type your comment> @dezatino said:

Type your comment> @Ad0n said:

Hey guys is clock skew giving anyone problems ?

the people that you are trying to hangout maybe live in a different country… :wink:

If you are having skewing problems, sync your system time with the DC as the NTP server

Hello, Can someone PM me?
This is my first windows box and I’m stucked.
DId basics network, web and ldap enumeration. I don’t know which protocol must be the vulnerable target… And do want to be on the wrong path!
Thank you in advance

Rooted!

User: Enumerate and Google 4 common ActiveDiretory exploitation techniques.
Root: Take a walk through the Forest. Some key techniques should lead you to the right path.

Password:
[-] SMB SessionError: STATUS_PASSWORD_EXPIRED(The user account password has expired.)

Getting this error… please help

@parag1232
The user account password has expired

I’m not sure how much clearer anyone could explain it?

Type your comment> @VbScrub said:

@parag1232
The user account password has expired

I’m not sure how much clearer anyone could explain it?

I am getting this error for user2 … h****t

@parag1232
look at another user account then. That one is not usable

Yay, got root after 2days !

Was stuck with an error when i was trying to connect with the f user.
Lost few hour with this, after that it’s pretty fast to get what you want

!For those who are experiencing the same issue with the “Etool”, switch lab, worked for me.

Rooted.
Hint: Evil is your friend, always.

Got user f*** creds. Found user srv*** creds. Got NO idea how to escalate :frowning: DM for nudges pls

Write-up available here : HTB – Sauna – Write-up – H2K (French, protected by password). DM message if you need some help. This box was very interesting. Enumeration is the key!

Help please! I have user fh and pwd T******3. Not sure how to use them…been trying to log in usin ev**-****m but no luck…Please dm

I sent you a DM.

Type your comment> @Psyfer said:

Help please! I have user fh and pwd T******3. Not sure how to use them…been trying to log in usin ev**-****m but no luck…Please dm

I sent you a DM.

Am i supposed to find some hash in the foothold ? I only got one user (hs), no idea where to go next (tools requires password).

Ok with some help i’ve found the user.

To be clear : i was in the wrong way because of the H*** S**** thing. If you find this, dont insist with this and think more simply/logical.

Also, ive found 2 versions of the GPN***, the first i had didnt handled userslist. I had to nano a .py with the good script, strange.

User complete, on my way to root!

Hi, i tried access through default username and password, getting error “WinRM::WinRMAuthorizationError happened, message is WinRM::WinRMAuthorizationError”. Can u help me for fixing this.