Sauna

Type your comment> @Psyfer said:

Help please! I have user fh and pwd T******3. Not sure how to use them…been trying to log in usin ev**-****m but no luck…Please dm

I sent you a DM.

Am i supposed to find some hash in the foothold ? I only got one user (hs), no idea where to go next (tools requires password).

Ok with some help i’ve found the user.

To be clear : i was in the wrong way because of the H*** S**** thing. If you find this, dont insist with this and think more simply/logical.

Also, ive found 2 versions of the GPN***, the first i had didnt handled userslist. I had to nano a .py with the good script, strange.

User complete, on my way to root!

Hi, i tried access through default username and password, getting error “WinRM::WinRMAuthorizationError happened, message is WinRM::WinRMAuthorizationError”. Can u help me for fixing this.

@KrishnaG what do you mean by ‘default’ username/password? Have you found user credentials?

In my personal view this box is much harder than other boxes with more points and I struggled a lot. But it was very good for learning about windows and now I know where I can focus my training on for a while :slight_smile: Thanks for making that box

@egotisticalSW Thank you for this box. It has truly taken me on a joyride where I got to learn a lot about AD and loads of new tools. Definitely need more practice with Windows boxes.

Type your comment> @absolutenoob said:

@KrishnaG what do you mean by ‘default’ username/password? Have you found user credentials?

@absolutenoob said:
@KrishnaG what do you mean by ‘default’ username/password? Have you found user credentials?

Yes, i found the user credential. while trying to get access, getting “WinRM::WinRMAuthorizationError” error.

Type your comment> @KrishnaG said:

Type your comment> @absolutenoob said:

@KrishnaG what do you mean by ‘default’ username/password? Have you found user credentials?

@absolutenoob said:
@KrishnaG what do you mean by ‘default’ username/password? Have you found user credentials?

Yes, i found the user credential. while trying to get access, getting “WinRM::WinRMAuthorizationError” error.

I got the root flag.
Thanks.

I need a little nudge. I have user, but I’m thrashing a bit on where to go to get root. Went through bloodhound etc. Can someone DM me with a nudge?

I managed to get two uer accounts and a reverse shell with svc_****gr account.

Can someone give me a hint on administrator@**********l, please? I’ve been looking everywhere (I think) but can’t get from svc_*****gr account to administrator on SAUNA machine…

Reviewed FOREST (again) and a lot of other stuff from IPPSEC about Kerberos, Impacket, etc. Thanks in advance.

root was easy, similar to other AD machines for me harder was getting a foothold with proper username, I combine in the right way in firs time but its somehow get me an error and I spend a lot of time)
so for User1: make a list and don’t delete wrong names :wink:
User2: one tool can enumerate all you need.
Root: proper syntax that all you need.
and as always PM on any platform for any help.

Type your comment> @Wrebra said:

I managed to get two uer accounts and a reverse shell with svc_****gr account.

Can someone give me a hint on administrator@**********l, please? I’ve been looking everywhere (I think) but can’t get from svc_*****gr account to administrator on SAUNA machine…

Reviewed FOREST (again) and a lot of other stuff from IPPSEC about Kerberos, Impacket, etc. Thanks in advance.

Are you watching to the end that video? It has some hints. pm for more info because of its spoiler >_<

Type your comment> @applepyguy said:

User complete, on my way to root!

w00t, root dance!

Is there another way for getting on the machine with f***** user than e****-*****m?

Got root! Thanks to everyone for their tips. Good fun, learned a lot. :wink:

Got root. Thanks all.

can somone hints me please ? im stuck for finding user

At the end got root.
Here are my hints

  • user: enumerate and mix user information you found with administrator point of vire
  • root: enumerate and use new user to dump as poassword as you can.