Forest

For the root stage, I can’t seem to give the Alf account the permissions that the hound suggests, but I can create my own user and give it that permission. I can’t, however, give that new account permissions to log in, so I’m stuck.

Any hints please? I’ve been stuck on this bit for the last 3 days solid.

Sometimes a local group is as good as a domain one.

I’ve walked the dog. I’ve added myself to the things that link me to the thing I want. Clearly the dog says I’ve got what I want (three times, even). However, when I actually go to set up the object or privilege, I’m totally lost :frowning:

@btwiusearch said:
Rooted.
Tears were shed and joy was had, but at the end of the day, my AD knowledge and Windows exploitation is vastly improved. Three days for the root lol, just about as I was going to go to bed as well.

Had this weird thing happen to me, idk if this was the case with anyone else, but just in case you are struggling with that error mentioned on the cat: you have a literal 10 second window before your privesc breaks. Might have just been me. You can use scripts to help automate this so you are in time to get something out of the cat.

I thought I was going crazy, but yes I noticed something like this…

Can’t someone help me with the S****H******** execution, plz? Nothing happened. With the -ns option too…

I am really stuck with root on this one. Got the BH onto PS using EW-* but it doesn’t give results. Tried remotely but getting heaps of DNS errors. Very lost on what to try now.

@shakaaa said:
I am really stuck with root on this one. Got the BH onto PS using EW-* but it doesn’t give results. Tried remotely but getting heaps of DNS errors. Very lost on what to try now.

there’s a python thingy for the hound that works

@jones7 said:

@shakaaa said:
I am really stuck with root on this one. Got the BH onto PS using EW-* but it doesn’t give results. Tried remotely but getting heaps of DNS errors. Very lost on what to try now.

there’s a python thingy for the hound that works

that one puts .localdomain at the end of the domain name for no reason

@shakaaa said:

I am really stuck with root on this one. Got the BH onto PS using EW-* but it doesn’t give results. Tried remotely but getting heaps of DNS errors. Very lost on what to try now.

I edit my host file to resolve that.

Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and log in with that user, or can I use remote tools to get what I need?
Because I found an interesting privesc method, but I need to log in to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.

@7h3B4dg3r said:

Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and log in with that user, or can I use remote tools to get what I need?
Because I found an interesting privesc method, but I need to log in to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.

I used both of them. Using a remote tool was the last step.

Can anyone help me with privesc using a PowerShell script? Do I need to use an old version of the H.exe tool, as I always get an error?

Use whatever version you have installed on Kali. Easier.

@bumika said:

@7h3B4dg3r said:

Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and log in with that user, or can I use remote tools to get what I need?
Because I found an interesting privesc method, but I need to log in to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.

I used both of them. Using a remote tool was the last step.

Just to be clear: you managed to log in with a user you created on the domain, right? Not just the user needed for the initial foothold.
Thanks.

@7h3B4dg3r said:

@bumika said:

@7h3B4dg3r said:

Desperately trying to get root for days now. Just give me a nudge: do I need to create a user and log in with that user, or can I use remote tools to get what I need?
Because I found an interesting privesc method, but I need to log in to use it and I can’t find a way to do it. It could be useful to know if I’m losing time or not.

I used both of them. Using a remote tool was the last step.

Just to be clear: you managed to log in with a user you created on the domain, right? Not just the user needed for the initial foothold.
Thanks.

Absolutely.

Hello to everyone.
I’m kinda stuck, ’cause I can’t get output from Sharp or Blood even with the domain/LDAP port/domain controller specified, and I’ve also tried exec bypass, with no results.
What should I use instead of Evil? Any advice would be appreciated; thx

EDIT: got root, it was cool but no way easy)

bravo to egre55 & mrb3n

who is redman? i am henk :smiley:

Absolutely stuck with root, help plz :slight_smile: done all recon, got user, got user’s TGT for user…

got root, looot of thanks to @arale61

Anyone able to give some tips on root :)?

Spoiler Removed