Finally got root and at the end with all hints within this thread this was a great experience. Thanks for that … even if I had some headache due to device resets
Learned a lot!
@idevilkz said:
I am stuck same as you are @101001101029A
mimikatz won’t work unless you are an administrator afaik.
PM me so we can work on this together as I am failing to get dsacls to work for me to enumerate my newly created user.
Any progress from you? I am stuck here as well. Not sure what to do…
@awarkozak after much head bashing, I had assistance from a couple of members and got through.
I was doing most of it right, and was only struggling with elevating my privileges, but I found out I was using the syntax wrong.
For all new users like me who are stuck for the root part:
+++ You need to make your new user have some special privileges within the domain
+++ for those special privileges you need to have an understanding of how Active Directory stores its permissions related data in a context (hint).
I’ve finished this box and it seems like there are at least 2 different approaches (using different tools) to priv esc. One works, the other doesn’t - or at least it didn’t work for me. Trying to understand why the one method doesn’t work…anyone available to explain why?
Got user flag in about 15 - 20 minutes but I’ve spent days trying to get root flag with no success. Can someone please PM me with a nudge? I have the network mapped out with BloodHound, just having trouble finding a way to take advantage.
Help badly needed with root. I can create a new user, add him to two groups found by the dog, two others for remote access, but I’m still unable to run I*****-A*****.ps1 and/or m******z.
I think I have to add him to some local group, but I’m unable to make it work.
Stuck trying to get root. I was happy being evil and I chased the path of the dog which seemed to work until I got to the end and I tried invoking the cat to take a bath but he won’t get near the sink.
I thought I was really close but after reading all the comments here I see a lot of folks refer to adding their own accounts to the box but I can’t figure out how they did that. I think my dog was barking up the wrong tree and now I’m completely lost. Anybody have any pointers to help me find the right trail?
Big thanks to @idevilkz for helping me out and pointing down the right trail!
Hi, I am stuck as I am not used to AD on Windows machines… Got the user and his pass but am totally unaware what to do with it now!
I would prefer more than a nudge, maybe someone is willing to become my mentor?
Please PM!
I just got this one finally! Really nice to learn some new tools, very impressed by the Dog tool particularly. Also surprised how Root took so long even after I figured out what I needed to move forward.
My advice for root is not to bother with all these pre-made auto-pwn scripts/tools out there when trying to gain your “special permissions” because they don’t work from my experience. Once you work out the name of the permission you need you can acquire it yourself with PowerShell, Google will show you how. The bit that really screwed me over was I left off the keyword ‘All’. Once you get this bit the rest will be easy.
Guys, I don’t get it. I mean, is the dog even useful or does it only show wrong paths?
I don’t see any path to get dsc permissions except over Ex*** Groups, which didn’t work for me and a lot of people. Stuck.
Just finished the box, barely before it retires. Very nice box with a steep learning curve for anyone unfamiliar with AD - showed me my shortcomings quite nicely.
Huge thanks to @nicolasmira101, @FiRePl4y and @som1 for helping me out.
As always, thanks to the creators @egre55 & @mrb3n !