Cascade

Rooted. Thank you @VbScrub for the awesome box.

@pHuR1u5 said:

At what I assume is the last hurdle to get root, but I don’t seem to have the permission to do what I need to do. Even though I am in the AD group to do what I think needs to be done. If that makes sense haha.

I am at the exact same point and I just can’t figure it out. This has to be stupidly simple I guess…

PM with a nudge would be appreciated.

EDIT: Got it. Should have taken a better look at some of the options.


Got user just now. A different way of enumeration. I loved it. I wonder what the root part will enlighten me…
Edit: Rooted. I was stuck a bit at Decrypting. Thanks @Konstant for your help.

Did someone do the rev eng part using Ghidra? I’m running into some problems with the decompiler.

@QHx5 said:

Did someone do the rev eng part using Ghidra? I’m running into some problems with the decompiler.

I don’t recommend using Ghidra (or any classic disassembler) for that kind of binary :wink:

@HomeSen said:

@QHx5 said:

Did someone do the rev eng part using Ghidra? I’m running into some problems with the decompiler.

I don’t recommend using Ghidra (or any classic disassembler) for that kind of binary :wink:

Yea, but still want to know what’s wrong there. Seems like Ghidra doesn’t load the local DLLs for some reason.

@QHx5 said:

@HomeSen said:

@QHx5 said:

Did someone do the rev eng part using Ghidra? I’m running into some problems with the decompiler.

I don’t recommend using Ghidra (or any classic disassembler) for that kind of binary :wink:

Yea, but still want to know what’s wrong there. Seems like Ghidra doesn’t load the local DLLs for some reason.

Answered in PM, since this would otherwise spoil too much for others :wink:

Finally…Rooted…Exhausted…

Very tricky at the last part. Thanks for this amazing AD box @VbScrub, push me enum and enum and e…n…u…m…

Great box! Anyone having issues submitting the user.txt and root.txt flags on HTB? - I get invalid flag when I try…

Guessing they’re still having reliability issues with the new flag system.

@bashsquid said:
Guessing they’re still having reliability issues with the new flag system.

Judging by the amount of comments and messages I’ve seen about this, yeah I’d say so. Hopefully gets sorted soon.

Hi, could anyone who speaks Spanish give me a hint? I have the users, but I’m stuck on the password and I don’t know what else to do. Thanks

I’m having trouble with initial foothold. Got users list, but unable to find initial password for any of them. Would appreciate any nudge in pm.

EDIT: found it! This is definitely worth finding some visualizer for AD, took me some time to find using ls** tool…
Maybe will code myself some custom tool for future boxes.

Now I can continue :slight_smile:

Hi, I’ve found the c*****L*P of Mr. T but don’t know what to do with it… Can anyone give me a hint please?

@Y0urM4m4 said:

Hi, I’ve found the c*****L*P of Mr. T but don’t know what to do with it… Can anyone give me a hint please?

Forget it, I found it with help of @7h3h0und Thanks

I have first user, got a password decrypted and I have a username saying sth about password. I’m lost. Would appreciate any nudge in PM.

Any hints on the service for getting the first user? I have enumerated a ton of names but stuck there.

@bradleman said:

Any hints on the service for getting the first user? I have enumerated a ton of names but stuck there.

Read each line of your enum. Sometimes things can be written in different ways. For example, you can write Please, pls, please or user, User, usr, USER… :wink: Everything you need for the user part has been already said… But again, enumeration is the key to get the user.

For my part, I’m stuck at the root part. Any hint?

Got root LOL! Really a high quality machine, made me learn A LOT of things about Windows.

Rooted!

Really nice machine. Once you have the first step it is really straightforward. Root was pretty easy!

Feel free to PM if you need help!