Official Fuse Discussion

@HomeSen said:

@egre55 said:

As the author of the box I’m happy to discuss any questions you have about realism @VoltK

If anything the root is the most unrealistic component, due to how Microsoft has changed the behavior in later releases of Windows, you are less likely to see this in many environments.

User is very realistic and something you see in real environments.

I accept that foothold is contrived to a certain extent, but if you gain a foothold on such a device, even the names might be insightful, in terms of company-specific language/vocabulary.

Totally agree. And as a professional pentester, I can confirm that this kind of information leakage (and the resulting “breach”) are all too common. Especially with larger infrastructures, you WILL find passwords for all kinds of services and users that are derived from publicly available information about the target.
Due to the limited attack surface (usually, a single system), the foothold always has to be slightly “crafted”, but on this box it is a very tiny “slightly”.

I just want to add to this - because I quite strongly agree with @HomeSen and @egre55.

Although I am not a pentester, I work in incident response and I’ve lost count of the number of events which have been a result of the kind of issue presented here. It’s why the tool most people will have used exists and why recon is a critical step taught on every pentest course.

While the privesc is a bit unrealistic for an organisation with a well patched, up-to-date environment, in 2020 I’ve seen organisations with Windows 2000 Active Directory servers…