Forest

I’m near the end. I feel it is a syntax error. I can’t seem to keep a secret. There is an x factor involved too.

If you can work with me and check my syntax let me know and I’ll DM the info.

Finally rooted. Has someone used powerview for priv esc to root? I couldn’t, I had to go the manual way. I learned a ton anyway. Great Box!

EDIT: I also did not have to create another user.

@VbScrub

I would appreciate a PM with some more info as well. Not sure where I am going wrong with this. Hopefully you have time.

Thanks

@syn4ps said:
Finally rooted. Has someone used powerview for priv esc to root? I couldn’t, I had to go the manual way. I learned a ton anyway. Great Box!

EDIT: I also did not have to create another user.

You don’t HAVE to create a new user for the most common way of exploiting this (by adding yourself to the E**** group and granting yourself extra permissions etc), but you have to remember multiple people are attacking this box. It is not a good idea to modify the original account you got credentials for, because everyone else is using that account too so you’re affecting them.

@0x16 said:

Anyone available to discuss the final stages of root with me? I keep getting this error and I cannot get past it when using the cat.

ERROR kuhl_m_lsadump_dcsync ; GetNCChanges: 0x000020f7 (8439)

Did you ever figure out why you received this error? I am receiving it as well and trying to find the root reason why.

rooted
User: enumerated ez
Root: read about DCSYNC attack
if you need help dm me

C:\Windows\system32>hostname
FOREST
C:\Windows\system32>whoami
nt authority\system

pwned if need help just dm

@DadYouNeverHad said:

@0x16 said:

Anyone available to discuss the final stages of root with me? I keep getting this error and I cannot get past it when using the cat.

ERROR kuhl_m_lsadump_dcsync ; GetNCChanges: 0x000020f7 (8439)

Did you ever figure out why you received this error? I am receiving it as well and trying to find the root reason why.

There are 2 AD permissions you need to be able to perform that attack. Make sure you have both, even though they both sound very similar.
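Seen from the defending side, the two similar-sounding replication rights mentioned above leave a trace on the domain controller when they are exercised. The following is an added example, not part of the thread: it scans Security event 4662 records for accounts that used both replication extended rights and are not domain controllers. The event records, account names and the allow-list of DC accounts are constructed assumptions.

```python
# Added example: flag likely DCSync activity in Security event 4662 records.
# Control-access GUIDs of the two directory replication extended rights.
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
CONTROL_ACCESS = 0x100  # access mask bit for extended rights

# Constructed sample events (not from the thread or from a real host).
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "DC01$", "AccessMask": "0x100",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "DC01$", "AccessMask": "0x100",
     "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "tempuser", "AccessMask": "0x100",
     "Properties": "{1131F6AA-9C07-11D1-F79F-00C04FC2DCD2}"},
    {"EventID": 4662, "SubjectUserName": "tempuser", "AccessMask": "0x100",
     "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "backupsvc", "AccessMask": "0x100",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4624, "SubjectUserName": "tempuser"},  # logon, ignored
]

def find_dcsync_suspects(events, dc_accounts):
    """Return accounts outside dc_accounts that used both replication rights."""
    allowed = {name.lower() for name in dc_accounts}
    used = {}  # account -> set of replication rights seen
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        if not int(ev.get("AccessMask", "0"), 16) & CONTROL_ACCESS:
            continue
        account = ev.get("SubjectUserName", "")
        if account.lower() in allowed:
            continue  # replication between domain controllers is expected
        props = ev.get("Properties", "").lower()
        for guid, right in REPL_RIGHTS.items():
            if guid in props:
                used.setdefault(account, set()).add(right)
    # One right alone is not enough for a full sync; require both.
    return sorted(a for a, r in used.items() if len(r) == len(REPL_RIGHTS))

if __name__ == "__main__":
    print(find_dcsync_suspects(SAMPLE_EVENTS, {"DC01$"}))
```
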

I’m currently working on root. I’m able to create a new DomainUser, but every time I try to add it to an existing group, I get an Access Denied Error :frowning:
Any hints what I need to do to get the necessary permissions?

Finally rooted!!
Took me way too long to get root, since I was trying to do everything using a new account I created. I was not able to log in using the new account, till I managed to figure out the problem.

In case anyone else is unable to log in using the new account via e***-m (authorization error), add the new account to the “Remote Desktop Users” and “Remote Management Users” groups. You should then be able to use the account similar to svc-a**.

I am not really sure which of the two remote groups is actually required, or if both are required or if either one is enough, but I am now too lazy to figure that out.

@Radixx said:

Finally rooted!!
Took me way too long to get root, since I was trying to do everything using a new account I created. I was not able to log in using the new account, till I managed to figure out the problem.

In case anyone else is unable to log in using the new account via e***-m (authorization error), add the new account to the “Remote Desktop Users” and “Remote Management Users” groups. You should then be able to use the account similar to svc-a**.

I am not really sure which of the two remote groups is actually required, or if both are required or if either one is enough, but I am now too lazy to figure that out.

I’m trying that but I receive this error when trying to access via evil-winrm:

Error: An error of type WinRM::WinRMAuthorizationError happened, message is WinRMAuthorizationError

@alexmore8 said:

I’m trying that but I receive this error when trying to access via evil-winrm:

Error: An error of type WinRM::WinRMAuthorizationError happened, message is WinRMAuthorizationError

Okay I checked again. Adding the user to “Remote Management Users” is enough to access it using evil-winrm.
Did you not try adding your user to that group?

Does anyone know why when running mimikatz it opens an infinite loop???

@alexmore8 said:

Does anyone know why when running mimikatz it opens an infinite loop???

You have to get a different shell to run mimikatz, but mimikatz isn’t required to get root.

Can anyone nudge me on how to use sHound?? I’m trying to run it but getting no output…

@alalno said:

Can anyone nudge me on how to use sHound?? I’m trying to run it but getting no output…

I used the method shown in Ippsec’s Active walkthrough on YouTube. Check that out and see if it helps at all.

Can someone give a nudge for root? I have the new user created and in the proper groups. I am trying to add D***** R***** to the user using P*V but cannot seem to get the syntax right.

@wes0001 said:

Can someone give a nudge for root? I have the new user created and in the proper groups. I am trying to add D***** R***** to the user using P*V but cannot seem to get the syntax right.

Make sure to try the dev branch for p*v; when I was using the master it wasn’t working either. Do you get an error?

@ShadowSuave
The error code I am getting is:
ERROR kull_m_rpc_drsr_CrackName ; CrackNames (name status): 0x00000002 (2) - ERROR_NOT_FOUND

Hey guys, I wanna make sure I’m following the box correctly, but I found a user h****** that sounds veeerrry fishy (as in, I’m not following the box correctly). Could anyone tell me if this is the right track?

Edit: found the correct user: S**-a*******