I’ve rooted a bunch of machines and got access to DC01. I know that at some point I’ll have to pivot to other subnets, but can’t find them anywhere. Any hints? Feel free to DM me. Thanks!
I have the same issue, just straight up can’t crack it, I don’t know why.
Edit: just use hashcat, took 5 seconds.
Dm for help
Hello everyone, i juste start dante (10.10.110.100) and I managed to log in as admin on the wordpress page. But now i try to to download malicious .wav to create a shell but its not working, i tried few other thinks but i think im stuck. If you have any idea or hint (i think i need to find a way to connect with ssh) thank you very much (its maybe not my last SOS on this lab )
Update I succeeded 
Hi Argon, I’d love it if you could give me a hint. I’m stuck on SQL01. Do you think you can give me a hint here? I believe it should be just a username I don’t have. I have no foothold yet whatsoever.
I got all other machines including DC01,DC02. I only have left SQ01, Nix06 and 07.
Thanks
Alex
Did you ever get a resolution. I have a similar issue with WS03. Trying to PrivX, I have a meterpreter on it. Have a few local exploits, but they fail to create a session and I think it is because of my proxy
I still have the following remaining to be pwned:
dante-sql01
dante-nix07
dante-ws02
dante-admin-dc02
dante-admin-nix05
dante-admin-nix06
I’m not sure what I’m missing in terms of finding the hidden admin network. I’ve tried arp-scan for Windows and Linux, but nothing’s showing up. It’s just always the same list of hosts which I already know. I also used LaZagne to find hidden passwords to specifically try to log onto Jenkins. I tried bruteforcing Jenkins, the FTP server on nix07, but no results show up. I even tried using the list of users I found from the xlsx file.
Any nudge or hints would be appreciated. I’m honestly at a loss here.
I’m running into the same wall with this. Have you been able to figure this out? I swear it’s something simple, but I don’t have experience with finding hidden networks nor how to best approach finding it. I’ve tried arp-scan but it keeps returning the same list of hosts.
Try proper recon/enumeration on the DC01 machine to find the hidden admin network.
Thank you, I’ll keep digging further.
Hello everyone. I thought I completed Dante… but it seems there is 1 flag left. The “Update the policy” flag. It seems many people have this issue. I believe I found all flags on all machines…but somehow I missed this one. Can anybody give me a hint (DM) on where to search? Thank you so much!!
Found it… so thanks. No further help needed.
could anyone give me a tip on cracking this account? I already tried everything. Thanks in advance.
do you have a foothold already? DM me
Hi, still trying to crack the password with john and hashcat, many wordlists and rules. Also tried bruteforcing… do you have a tip for me here on how to crack this hash? thanks in advance 
Hey guys. I took a root privilleges on 10.10.110.100 but I’m stuck and don’t know which target to choose next. Any tips for progress would be helpful. Thanks!
For j*****'s password you can use hashcat. Just make sure you use the correct module. It should be unix type 1 (-m 500). You can check here:
https://hashcat.net/wiki/doku.php?id=example_hashes
How on earth am I to discover the admin subnet organically on DC01?
I found it from some hints from here but i print the arp cache, the ipconfig, the advfirewall rules and just cant for the life of me discover how I would of possibly known of the admin subnet accessible from there
anyone have any details on how I could enumerate that?
Thanks, so I’m using m500 to crack, but can’t crack it. Are you using rockyou with a rule set ? or a custom wordlist collected from the other servers?
Use autoroute and start scanning new subnet with portscan/tcp.