Hello I’m in the same situation i pwned all but not WS02 you mean the .xslx file for b* the service nothing work
Hello
I have issue when pivoting AD machines 2 machine pwnd but can’t connect last machines from chisel and proxychains anyone help me for this I don’t know with the problem, I don’t receive any communication on my kali, I use the tools I’ve pivoted between machines but the latest one machine just can’t connect
I appreciate this for helping me
Nobody ? I rooted all machines I have xslx file and I dump all the files and creds in all machines but I’m stuck behind WS02 nothing work I try b* with all credentials and users and with different wordlists I return in each machine to see if I missed something but I found nothing running findstr in windows machines and find in Linux machines and inspect each folder with rdp for windows and each in Linux.
Can I have some help it’s very frustrating
Someone deleted something.
Fixed.
Hello , it’s me or the machines on the second subnet are very very very unstable ?
evilwinrm break all time …
Hello
I am stuck on a machine DANTE-NIX02 i have found the cred via S K* but when using the creds to switch user i am getting authentication failure. Is someone else is facing the same issue?
can you give me some a tip on how you found F**** creds? i have been stuck on this for days. I cant find any Sl*** files that help.
can you give me a nudge on getting root from Frank?
Can someone give me a nudge on Nix02, i have Fr*** shell access and i am trying to get root.
Updated: i figured it out
Hey all, I’m working through Dante with my company’s HTB Enterprise license so things may be slightly different but I’m running into a wall with WS03. Trying to get it to talk back to my pwnbox is proving… difficult. I’m able to get a command prompt running (user is b****), but when I try to forward a specific port back to my local machine WS03 is unable to find my machine (despite being able to forward the command prompt).
I can explain a bit more in detail in PMs but don’t want to spoil something for those who have the same issue.
I saw some previous replies involving checking privileges, but I’m also struggling on how I’d go about attempting PrivEsc here, so that may be the first step I’d need
Can someone give me a nudge on how to find the admin network? I have been through all of the initial boxes and found one with an “extended network” but no obvious routes to anywhere else. Please help.
Update: i am uncovering some new info using ARP and Route and think i have a lead on a new IP
Update: i found a new machine that didnt come up on the initial host scans, .13, which i am hoping gives me a lead, i already found the initial exploit, and i am dumping data now. Hope i am on the correct track.
Can anyone give me some pointers on the file i need to find on dc01?
Update: figured it out with some tips from @MikeHotel
1 Like
Can anyone provide pointers for the priv esc on WS02? I have an idea what to do but i am running into a permissions issue.
Update: i figured this out
Still having a hard time figuring out this admin network entry point.
I am stuck at the with two usernames and a w**dp**** login page. I tried cewl but im not getting any hits. Completely lost here
same here 
tried bruteforcing and got nothing…
UPD: done
I am planning to buy a prolab from HTB. I don’t have any experience on how to pentest a network. I saw in HTB that all the prolabs are in a subnet like this 10.10.110.0/24 . I don’t know where to start and how to proceed. Need help in deciding how to pentest such subnets. Is there any tactics or anything. I am totally confused. So far, I have solved around 80 boxes in HTB and I was confident on solving them as they have only 1 IP but this thing seems complicated, Help me out 
Hey im stuck at NIX04 found the vulnerability but cant get an initial foothold. Would greatly appreciate it if someone could assist me.
update: nvm got it.
2 week that I work on NIX05 without flag. Someone can help me please?