Official Blackfield Discussion

Got a cred and trying to figure out what I can do with it.

Maybe Iā€™ll have to go to a Windows machine lol ā€¦ (pywerview and bloodhound.py is a little bit limited D: )

EDIT: Nvmā€¦ bloodhound.py did the job. My bad. =)

Type your comment> @zer0bubble said:

Type your comment> @idevilkz said:

interesting box.
so far I have found list of users > @gverre said:

Stuck for root. I would appreciate a nudgeā€¦ I can guess the last part, but cant find if we have to privesc before being able to exploit it, or if we should be able to exploit it with our actual userā€¦ Of if some are stuck at the same place and want to share idea!

Thx!

EDIT: There is a lot more ā€œtakerā€ than ā€œgiverā€ in this forumā€¦

For 70 nudge request, i got 0 nudge offer! :slight_smile:

that is true

THIS!

???

I got 3 users and a password which I cracked but donā€™t know where to use them :slight_smile:

Going through the ā€” shares of the first user with no luck!
Any nudges for the second user please?

EDIT : got a free user. That makes it two lol

rooted. Thanks @gverre and @TheT3rminat0r for user nudges.
very fun and educational.

Spoiler Removed

Iā€™m very sorry. Wasnā€™t aware I gave away too much. My apologies.

Rooted! Nice box! :slight_smile:

My tips:

Foothold: Basic enumeration. Having discovered ā€œthose directoriesā€, search for attacks related to that gigantic, three-headed dog :smile:
User: What file would be useful in a conventional Windows host exploitation?
Root: Who are you?

If the flag is not workingā€¦ yes, reset the box. There is no ā€œfakeā€ flag or something like that. o/

or change the VPN server. works for me :smiley: nudge for root pls :slight_smile:

stuck on last stepā€¦
managed to get the admin hashā€¦ but cant login?

Type your comment> @Wrebra said:

Got creds for s*****t account, have done extra enum with it, but nothing usable came out of it yet. Probably overlooking something, againā€¦
Nice box :wink:
Iā€™m off to bed now. God luck to you!

Iā€™m stucked here too. I tried connecting to the shares (with this creds) but nothing useful info.

@fvalle said:
Type your comment> @Wrebra said:

Got creds for s*****t account, have done extra enum with it, but nothing usable came out of it yet. Probably overlooking something, againā€¦
Nice box :wink:
Iā€™m off to bed now. God luck to you!

Iā€™m stucked here too. I tried connecting to the shares (with this creds) but nothing useful info.

Same. Cannot find a place to use these credsā€¦ Taking a break from it for tonight.

Very fun experience so far :smile:

Rooted! Really cool box, one of the easier of the ā€œhardā€ ones I would say. Although getting from user1->user2 in the enumeration phase tripped me up a bit.

Thanks!

Type your comment> @purplenavi said:

Really stuck as well. I have a huge list of usernames, but no idea how to use them, none of the things I tried worked. Any hints?

Me tooā€¦
I came up with a custom script to scan all their ā€œprofilesā€ but got nothingā€¦
Anyone could nudge, please?

I could use a nudge from s**_b***** to Admin.
Iā€™ve only found one service to use this user on. All other attempts to use the creds has failed. I know why I canā€™t get the shell but just not sure where to go from here atm.

is anyone else having a problem logging into the machine?
okay so nmap mislead me but i have what i need i just dont know where to use it

Found one user pretty quick,
not much access with this user.
Tried sb and ldaps***
Evil tool returns access denied.

Enumerate more (I get it) but a nudge of direction would be appreciated :slight_smile:

BLACKFIELD\Administrator
DC01```

What an amazing box thanks @aas for it :smile: 

enumeration nudge pleaseā€¦anyone anyone.

Have a big list and 2 default users. saw the shares but not much access for the spots i attempted to enumerate.

Edit: A tool that didnt do anything before worked the second time. thanks peeps

I have the knight in shining armor, now what? Nugde please :confused:

FINALLYā€¦ Rooted this thingā€¦ Thanks for the help those that sent me nudges.
What a frustrating ride that was!

Rooted!!
One of the better windows boxes ive triedā€¦ learnt a few new things :smile:
had a few syntax/human errors while trying to get root

foothold: enumerate, enumerateā€¦ and some googleFU on what your tools can doā€¦
User: fairly straight forwardā€¦ everything is thereā€¦
Root: what can you do?