Cascade

trying to wake up the dead with the right account but getting access denied , any idea ?

@Ch0p1n, you don’t need to wake them up…just do a little grave robbing.

Type your comment> @marlasthemage said:

@Ch0p1n, you don’t need to wake them up…just do a little grave robbing.

Thank you very much , got it

Hello, I am facing problem with this box.I can’t connect using Evil-Winrm but with the same username and password I can connect using smbmap.
username s.h
password s
2

Type your comment> @samirul said:

Hello, I am facing problem with this box.I can’t connect using Evil-Winrm but with the same username and password I can connect using smbmap.
username s.h
password s
2

that is not a problem, that is by design. Not all users can connect to WinRM (in the real world, only admins usually)

Did anyone have a problem with HTB not accepting the user.txt flag? I assume this is a bug with the new dynamic flags feature, but it’s so very annoying. I raised a support ticket will see what they come back with.

I double-checked my lab vpn connection was the same that the website thought, also that the machine hadn’t just been reset. I took the flag and immediately submitted it after getting it.

@orangehat yep, loads of people. I sent feedback to HTB about it as well

Type your comment> @VbScrub said:

@orangehat yep, loads of people. I sent feedback to HTB about it as well

Ahh, oops sorry to spam the forum then. Was worried about seeing some spoilers, trying to do boxes hint free nowadays!

Rooted! Really fun machine! Thanks :slight_smile:

Rooted… learned a ton about windows. feel like the relationship i now have with windows just turned from pure hatred to " it’s complicated :wink: "
PM for nudges
+respect if i helped you :slight_smile: cheers!

Rooted, thanks to @Alpha19 ^^.

My tired head couldn’t see the end in plain sight!

Lesson - More sleep required.

Cheers Alpha, for the nudge.

Hello all. Can anyone give me a tip on finding the command for the last step for root? I can see the entry for the dead guy, but can only find info on restoration, not to see the actual data. I attemped to use ld*pSea** too but couldn’t pull entry either. TY!

Type your comment> @Ch0p1n said:

trying to wake up the dead with the right account but getting access denied , any idea ?

I am here also. Give me some hints. Thanks.

Got root, finally! For me, this box introduced new areas to read up on for AD.

Type your comment> @orangehat said:

Did anyone have a problem with HTB not accepting the user.txt flag? I assume this is a bug with the new dynamic flags feature, but it’s so very annoying. I raised a support ticket will see what they come back with.

I double-checked my lab vpn connection was the same that the website thought, also that the machine hadn’t just been reset. I took the flag and immediately submitted it after getting it.

I had the same problem with the root flag. Resets did not work, but terminating and then starting up the machine again did. I noticed that the flag did not change between resets.

Type your comment> @todzhang said:

Type your comment> @Ch0p1n said:

trying to wake up the dead with the right account but getting access denied , any idea ?

I am here also. Give me some hints. Thanks.

You dont need to bring anyone back. (self promo warn) either research my Github (same name, use the branch from PR) for a .py enum script or research what Get-ADObject can return with the proper filter.

Type your comment> @zelensky said:

I had the same problem with the root flag. Resets did not work, but terminating and then starting up the machine again did. I noticed that the flag did not change between resets.

Now having the problem with root too. I reset, and stopped/started the machine, but it’s the same, just get flag incorrect. Will have to try again later, don’t have time for this ■■■■ right now. Maybe terminating, disconnecting, then later reconnecting and starting up a fresh machine will work.

They should have published their code on GitHub or something before releasing it so we could review it, seems to be buggy AF.

yea i had the same problem with root flag, was telling me that was incorrect. after a reset and re-root it passed. so i guess as of now, writeups are dead???

very good machine @VbScrub keep em coming :smile:

Got user. I already had admiration for @VbScrub for his previous box, but the admiration only increased. So far it’s pure enjoyment. Going for root.

@T13nn3s said:
Got user. I already had admiration for @VbScrub for his previous box, but the admiration only increased. So far it’s pure enjoyment. Going for root.

haha thanks :slight_smile:

Rooted!
Finally got some time and did this box!
Learn a couple of new things, like how to bring back the dead.

No idea what is this Chef people talk about.

Enough tips on this thread already, but for root you just need a couple of PS Cmdlets once you know what your last user can do.