Official Intelligence Discussion

I’m also having trouble with this box. I’ve extracted a couple of users, but I’m missing the password. Can someone give me a nudge?

*** Nevermind ***
My script was bad, and I should feel bad :tired_face:

User: Look all things and fuzzy hard.

Root: Do simple, it’s not hard.
If someone need help send me DM.

Either I did the “wrong” path to root or I think the path to root was quite hard :wink:

Hi im rather new to AD and LDAP; im a little unsure of where to start, what to do, or how to even google search some stuff haha. I was wondering if it was ok, if i could get a point in the right direction. Thank you.

Root definitely took me for a ride. I’d just say be prepared to do some scripting to make your life easier.

Feel free to DM for nudges.

Type your comment> @a74881 said:

Hi im rather new to AD and LDAP; im a little unsure of where to start, what to do, or how to even google search some stuff haha. I was wondering if it was ok, if i could get a point in the right direction. Thank you.

For user you don’t need any AD knowledge. Basic enum should get you to the correct path

1 Like

Rooted

Really a great machine, enjoyed every step !

Enumeration is the key !

So I’ve got the user flag but cannot pop a shell? Have tried several things and vectors.

What am I missing?

TIA

Rooted! For user make sure you get everything and inspect all the details - scripting helps. Root was wild, pay attention to what the automated task is doing and see if you can spoof something with your toolkit.

Rooted! For user: This is not an AD, this is web.
Root : dig in AD

Hmm, so I got a user and a password after a lot of web enumeration.
The 2 combined does not stick to anything at the moment …
Obviously I am missing something …

Type your comment> @acidbat said:

Hmm, so I got a user and a password after a lot of web enumeration.
The 2 combined does not stick to anything at the moment …
Obviously I am missing something …

There’s more enumeration you can do. Delve deep into any files you can download!

Fun box painful if you (like me) use wrong version of a tool but fun. Thanks ARZ101 for help on the last part!

Type your comment

Fun and challenging box.
Thank you @Micah for creating this challenge for us.

Sooo Ive been at it for days.
I’ve got user and the hash/password for the owner of the script. But can’t for the live of me get a shell on the box. Can someone drop a hint? I tried all the packts I can think of.

Type your comment> @Eren said:

Someone give a hint here please

Just got user. So the Web Server gives you all of the information you need to get access. Access will be granted through another channel.

Hint For User: Wow, there sure are a lot of PDF files. I wonder if there’s any way to see who created them…

got user… that part was straightforward :wink: on to root now ^^
dm if help needed

I got User, but I’m a bit lost when it comes to root. I don’t have much AD knowledge. I believe I found the file that will open the way to root, but I don’t know what to do with it.

Type your comment> @PrivacyMonk3y said:

It’s enumeration of what you know. Scripting is a plus.

I’ve got user but I’m a bit stuck. I read the script and I think I have ideas but I’m not able to pull anything off. Playing with python and dumped loads of info just not sure what’s important.

Been stuck for a couple hours. Anyone got a nudge?

Look at your NMAP results and see what is open to us. Also, think about the script you found. Think there’s any way to point it to us? I hope this RESPONSE helped you out :wink: