Sauna

got a username and hash to crack offline. cewl wordlist for password cracking did not help…did I miss something !

Rooted!

Thanks to @VbScrub and your videos! It is not easy to teach pentesting and nowadays it is really hard to find a good pentester that is, at the same time, a good teacher.

For those struggling with AD just check his youtube channel!

@TheDante98 thanks, much appreciated :slight_smile: new video going up later today as it happens

I got a first user F * * * h and use it with evil-winrm then got the second user s * * * r and use it with evil-winrm but after a couple of minutes the connect close and when I use evil-winrm again I get this message

Error: An error of type HTTPClient::ConnectTimeoutError happened, message is execution expired

plz, any help

@0xRick99 the WinRM service on this machine seems to die a lot. Reset the machine and if that doesn’t fix it (which it often doesn’t) then try changing your VPN region so you get a different server. Also raise a support ticket with HTB so they know how many people this is happening to (you’re about the 15th person I’ve seen mention it in here or in PMs). When I raised a support ticket about it ages ago they said its not a problem for anyone else.

can somebody please help with runas. I got service account and password. Please dm or point to resource. thanks

Type your comment> @andrhtb said:

can somebody please help with runas. I got service account and password. Please dm or point to resource. thanks

Forget about what you are trying.
And try something EVIL

Can someone help me with this box. I can’t get e***l to work. Always returns the same error. Tried changing my VPN and resetting the box.

Very intersting box! One of my favorite on Windows. Thanks @egotisticalSW

FOOTHOLD: launch the “lynx” on the team and catch them all!
USER1: kerbrute, impacket and rocks!
USER2: WindowsEnum.ps1 (read really carefully the output, remember whats you get before…),
ROOT: with your new rights, pass the…

Got user. On my way to root now!

Rooted. My first AD box, learned a lot of information about it’s functionality and some cool tools. b********d is nuts for understanding the structure. Thanks for the box!

rooted!
Very good machine almost like in real life
Thanks to @choupit0 !

nvm rooted. wrong path

oh,I have user 1 and password,i see hight port open,use E**,but it response time error,so I go to enum other things… I wasted 3-4 hours in this!!!. If someone encounters the same situation as me,just reset box,it will working!!!

Type your comment> @n00baaa said:

oh,I have user 1 and password,i see hight port open,use E**,but it response time error,so I go to enum other things… I wasted 3-4 hours in this!!!. If someone encounters the same situation as me,just reset box,it will working!!!

wo,root it.hahahaha!

I’m lost here, every keeps mentioning evil and I’ve tried evil-**n*m but it’s not helping any, I have a ton of potential users in all the formats I can imagine and I’m getting nothing

got user, man was that odd though… and i think i got the wrong first user but im gonna run with it

got user, man i’m just sittin in the sauna, WINning like charlie sheen, eatin PEAS

Finally rooted… Thanks @VbScrub your videos were very helpful!

If im******-S********** is giving you errors about: Missing required parameter ‘digestmod’ I’d suggest using the actual S**********.*y script instead.

Oh my god. I was in a rabbit hole for hours until I tried s*********p. It cannot be this easy to root (╯°□°)╯︵ ┻━┻
Well, a good box nonetheless for learning Windows AD skills!