Just wanna give my two cents since I struggled more than I thought for such a simple privesc…
for user:
-Basic AD pentesting, if you can't get user on this (which I couldn't before doing some of the AD boxes, then came back to this box) maybe take a look at some of the other AD boxes first!
for root:
part 1:
-Enumerate, can't really hint this part without giving too much away.
part 2:
-Get to know who you are better
-Read the hint given by the other user in the file. Don't only read it, take it in!! cuz the hint went over my head and didn't think much, got it right the first time, completely messed up the timing, and went down a rabbit hole thinking I had to bypass this and code that when really it was just a few commands. So yeah, time your exploit in accordance with the note left by whatername.
-Get flag!
Thanks for a cool but challenging box, wasn't easy but got there in the end lol
Message on Discord if you're still stuck (Name is same as this, just search htb discord)
Rooted, but root took me way too long and that’s because the dn****ins exploit I was trying didn’t work. The strangest part is that the commands didn’t output any error, they just straight up didn’t want to work. Anyway, after copy pasting the same thing again and again it decided to work. Does anyone know why this happened?
P.S. thanks for all the hints
Solved finally, thanks a lot to those I received nudges from, especially @TazWake and @jibbiez
Thanks for sure to the creator … I love my 2nd Windows box
Anyone who can help me with root? I already built the dll file and set up the s*b server in order to execute my code. But I just don’t get a reverse shell. …
For user1: Active Directory enumeration will give you good information, after obtaining this information and connecting to a Windows service, it will give you a password for that first user.
User2: Logged in with the username and password you obtained earlier, look for things in C: using some commands that give you better kept information
For Root, when using Wi *** eas.exe it will show you some things there is spo go on Google and search for this information, it will give you all the way to privesc.
I've tried a couple of things, but I haven't been able to get them to work. msv seems the easiest route, after paying attention to architecture and creating a basic reverse shell, I am unable to actually get the shell using dnsc**. Could use a nudge
Stuck for hours and hours on checking if the victim is able to access my share through the smb…
“net view \smb_server_ip” → net.exe : The Server service is not started
Can someone help me?
Really good box! I was nervous seeing there was no http service like usual but it really helped me learn about some new tools and Windows! Thanks to the creator!