Official Intelligence Discussion

Same here. Got two users but not sure where to use them. Tried every possible way I know. I am no one when is comes to AD. Any hints would be useful

one step forward two steps back. Got the next user but not really any visible advancement. Banging head against the wall lol.

Faaaaaainallllly ffs :smiley: lol great box

Got user… Thanks goes to @PrivacyMonk3y

Finally rooted!
I really rooted this machine, and also learned a couple of things I’ve never encountered before.

You can PM me if you need any nudges.

Finally rooted!! This one was actually hard for me since I am an absolute beginner when it comes to Active Directory. User was way easier than root

User:
Web server gives all you need, even it’s an AD box.
Don’t be lazy. check all you get, not only outside, inside too.

Root:
Read the script, act accordingly and wait until the “RESPOND” comes.
Accounts are not safe and the “packet” can help you.

Hope these will help you a bit. If you get stuck, you are always welcome to DM.

I’m also having trouble with this box. I’ve extracted a couple of users, but I’m missing the password. Can someone give me a nudge?

*** Nevermind ***
My script was bad, and I should feel bad :tired_face:

User: Look all things and fuzzy hard.

Root: Do simple, it’s not hard.
If someone need help send me DM.

Either I did the “wrong” path to root or I think the path to root was quite hard :wink:

Hi im rather new to AD and LDAP; im a little unsure of where to start, what to do, or how to even google search some stuff haha. I was wondering if it was ok, if i could get a point in the right direction. Thank you.

Root definitely took me for a ride. I’d just say be prepared to do some scripting to make your life easier.

Feel free to DM for nudges.

Type your comment> @a74881 said:

Hi im rather new to AD and LDAP; im a little unsure of where to start, what to do, or how to even google search some stuff haha. I was wondering if it was ok, if i could get a point in the right direction. Thank you.

For user you don’t need any AD knowledge. Basic enum should get you to the correct path

1 Like

Rooted

Really a great machine, enjoyed every step !

Enumeration is the key !

So I’ve got the user flag but cannot pop a shell? Have tried several things and vectors.

What am I missing?

TIA

Rooted! For user make sure you get everything and inspect all the details - scripting helps. Root was wild, pay attention to what the automated task is doing and see if you can spoof something with your toolkit.

Rooted! For user: This is not an AD, this is web.
Root : dig in AD

Hmm, so I got a user and a password after a lot of web enumeration.
The 2 combined does not stick to anything at the moment …
Obviously I am missing something …

Type your comment> @acidbat said:

Hmm, so I got a user and a password after a lot of web enumeration.
The 2 combined does not stick to anything at the moment …
Obviously I am missing something …

There’s more enumeration you can do. Delve deep into any files you can download!

Fun box painful if you (like me) use wrong version of a tool but fun. Thanks ARZ101 for help on the last part!

Type your comment