I have the decrypted credentials for pwm. However, if I try to login, it will show me “error 5017”. How to fix this issue? Can anyone give me a nudge?
I have the three creds … found one use for them. no clue how to interact with ld** … tried bunch of things to enumerate ld** but just nothing … any nudge in the right direction?
same thing here. would love a nudge on this one
same thing here, would someone give a hint?
You DONT have to login with that, you can do some other stuffs as well there, like some conf. modifications
stuck on the privesc part, can someone help??
I’m stuck on privesc, but you can dm me about this part
I cracked the creds but i have the same resault for the different h****s
am i doing something wrong?
no, thats intended
FINALLY rooted.
Getting the user flag was relatively easy… but Privesc was physically painful.
I’m sure it’s a lot easier for folks that are more acquainted with Windows boxes, but the whole journey to root took tons of reading and research for me.
My best advice is that, once youve discovered what the vulnerability is, go and do some reading about it. You’ll find that a lot of the articles reference each other. Read them all. Not only will it give you a greater understanding of the vulnerability, it will give you an idea of what tools exist - and that matters a lot for this one.
1 Like
The post above is awesome. The path to root involved 3 separate tools for me. Only one of which I had used before. The only thing I would add is read the output of your errors. You will get errors, read them and Google them. Last thing: syntax is a ■■■■■. I hate you. 
2 Likes
Pwned… Ping me if You are Stuck 
1 Like
Happened to me couple times as well…
Done with this nightmare, thanks for everyone for the help!
Finally rooted. Quite an interesting machine. Thanks for help!
Anyone available for a nudge?
I have the credentials and can configure the required connection to work in the config panel. I have no idea what to do next.
I’m pretty sure i found the vulnerability, but I can’t get it to work and there is so little time left to get this machine in season 
What a precious comment!!!
Hello defyinb,
If I am not mistaken where you are, I did not succeed on my side with the most known tool under Linux.
However, there is a metasploit module that works for this step 
I hope you will pwn the box before the deadline!
v.
1 Like
machine routed!
beautifull windows machine.
USER was a bit tricky but with some help and some googling about windows protocols eventually u will learn new things and understand how to get the creds u need.
ROOT was really easy for me, some knowledge of AD-PENTEST suite
DM if u need help
1 Like