@GokuBlackSSR said:
Get a name H**** S****, is this a good start?
When I use the GtU.p* script I already had it and it solves executing with usersfile param, but now I don't know what it could be.
Thanks
Edit 1: Solved.
Edit 2: rooted.
Comments
@KrishnaG what do you mean by 'default' username/password? Have you found user credentials?
In my personal view this box is much harder than other boxes with more points and I struggled a lot. But it was very good for learning about windows and now I know where I can focus my training on for a while
Thanks for making that box
@egotisticalSW Thank you for this box. It has truly taken me on a joyride where I got to learn a lot about AD and loads of new tools. Definitely need more practice with Windows boxes.
@absolutenoob said:
Yes, I found the user credential. While trying to get access, I'm getting a "WinRM::WinRMAuthorizationError" error.
@KrishnaG said:
I got the root flag.
Thanks.
I need a little nudge. I have user, but I'm thrashing a bit on where to go to get root. Went through bloodhound etc. Can someone DM me with a nudge?
I managed to get two user accounts and a reverse shell with svc_****gr account.
Can someone give me a hint on [email protected]**********l, please? I've been looking everywhere (I think) but can't get from svc_*****gr account to administrator on SAUNA machine...
Reviewed FOREST (again) and a lot of other stuff from IPPSEC about Kerberos, Impacket, etc. Thanks in advance.
https://www.hackthebox.eu/home/users/profile/74337
Root was easy, similar to other AD machines. For me, harder was getting a foothold with the proper username; I combined it in the right way the first time, but it somehow gave me an error and I spent a lot of time)
So for User1: make a list and don't delete wrong names.
User2: one tool can enumerate all you need.
Root: proper syntax, that's all you need.
And as always, PM on any platform for any help.
@Wrebra said:
Did you watch that video to the end? It has some hints. PM for more info because it's a spoiler >_<
@applepyguy said:
w00t, root dance!
Is there another way for getting on the machine with f***** user than e****-*****m?
Got root! Thanks to everyone for their tips. Good fun, learned a lot. ;-)
https://www.hackthebox.eu/home/users/profile/74337
Got root. Thanks all.
CISSP

++Respect if you think I helped =]
Can someone give me a hint, please? I'm stuck on finding user.
At the end got root.
Here are my hints
Get a name H**** S****, is this a good start?
Now I need to convert the name to an authentic username...
I need some help, found user but pocket tool says I can't use it. Thanks!
User:
1. Gather names from website
2. Build a list of possible usernames (the most popular corporate convention)
3. Run your usernames against the one imp tool which doesn't need a password
4. Use evil tool or Powershell to remote
Root:
1. Run a popular privesc script, get user2
2. Run another imp tool to extract interesting info
3. Pass the info
Not exactly, there is another S.
Alright just finished this one! User is actually not hard at all, but you have to learn to stop thinking so concretely and start thinking outside of the box a little. It's a Windows box, using Active Directory. What are some common username naming conventions? (it took me way too long to figure this part out lol). For root, just go down the basic list of Windows privesc techniques; you'll uncover a little more info along the way and use that to obtain admin access. I found getting admin easier than user just simply because I have seen the techniques before. PM me for help!
Getting tripped up a little bit with the user account, I've confirmed I have the username but I keep receiving "Name or service not known" when trying to grab the hash. Has anyone seen that before?
This was a fun box to do for me. I don't have a lot of windows experience so it was very nice to learn more about common AD enumeration and exploitation techniques.
I suppose for the more veteran Windows pentesters this box is a piece of cake. But this box is definitely a way to learn the techniques and become a better Windows pentester.
Don't know what I'm doing wrong. I use enum4linux, ldapsearch, rpcclient and some Python scripts and get 0 info. Any hint?
Edit: Also I use nullinux and still nothing
Got creds for H....S.... but don't really know what to do with them, any help?
@Peleg said:
That account is not... good. Look for others
My youtube tutorials: http://youtube.com/vbscrub
Twitter: https://twitter.com/VbScrub
I got the gift from imp****. Our friend john is not able to do the work in my case.
Maybe I'm doing something wrong...
Need hints on Evil via PM, never heard about it "I think"
Root dance!
This was a really good box and one that taught me quite a few new skills so thanks to the creator and also to @VbScrub for the video which got me on my way.
Lots of hints on these threads should get you all the way to root.
@DavidGB said:
Hi,
How did you solve the problem with I*pa**et and parameter "digestmod"?
So I've got the second user and know that I should use the D**nc attack, but Mmi**** doesn't work and sec****d*mp has an error with parameter 'digestmod'. What should I do?
Hi.
When I use GetNPUsers I get KDC_ERR_WRONG_REALM. What can I do with it?
great machine tbh
OSCP/OSCE/OSWE