You should look at what is installed on the server, the admin****.txt gives you a hint about the program you should look into.
Hey, I have found the admin*.txt file that is what lead me to this box to look further. Wordpress is how I got in, but I can’t figure out how to escalate my privs at this point. The creds I found for Frank don’t work, and I have tried every Linux-exploit-suggester without luck. No suid opportunities since Margaret can’t issue sudo commands at all. That’s what I was looking for help with. If you have any suggestions.
Hello, I have user access on the WS01, as g***** and found the first flag, but I think I need nudge to figure out how to privesc. Any help is appreciated, thank you.
In the export of the software where you found the passwords, is it common that only one person in the company has this software installed?
As I said, the txt file gives you a hint about a program that is still installed on the server, you should look at this program files to find interesting information. Feel free to DM if needed 
hello,
I have pwned the following boxes:
DANTE-WEB-NIX01
DANTE-NIX02
DANTE-NIX03
DANTE-NIX04
DANTE-DC01
DANTE-WS01
DANTE-WS03
I think the next step is to attack the admin network. But I cannot identify, which box is the pivot.
Can anybody give me a hint?
Hello everybody, Any hint for NIX04 priv esc ? I now that I can use shell for every user except root, but stuck at this stage … Tried to enumerate processes and linpeas, did not find anything
feel free to send me a DM
DM me your though process.
Hi, also stuck on NIX02, i am able to login in with ssh to f and m accounts but i have no idea on how to escalate to root, a little hint is welcome here …
same problem here, do i miss something?
Edit: yes i did!
Hello,
Actually stuck on SQL01 
I have pwned the following :
NIX01
NIX02
NIx03
NIx04
WS01
WS02
WS03
DC01 (I’ve dump cred on xml file and mrb3n)
I tried to bruteforce on ftp, smb and mssql using cred collected so far without success.
It seems that nothing is mounted on mount service
Any hint ?
hello,
this machine has dependencies from another network. You have not pwned this machine yet.
Thank you ! For pfsense do I have to pwn a machine before ?
The pfsense is out of scope
hello guys, I can’t make 5 machines, I have full control over the dante-admin-dc02 I scanned the admin subnet, I only found one machine with the ssh service active I tried brute force with the credentials collected so far ( i didn’t test with ssh keys) but nothing worked. Does anyone have a suggestion for me?
then seeing the scans I only see 2 active hosts, but they should be 3 hosts on the admin network, am I missing something?
you need to find the network admin
thx , I still don’t take this machine XD
Hello Everyone.
I have rooted the WS01 machine. But i’m not sure that I took the intended way for the privesc. Can someone who did pwned the machine DM me so we can quickly talk about it ? Thank you in advance !
can i get a push on the WS-03 machine? I can get a shell on the box but i cant see the privesc vector in any output nor can i find any sensitive files