Official Cicada Discussion

Hi guys,

I got the user flag, so now I’m looking for a privilege escalation. Could anyone provide me a little hint, please?
Thanks


Used netexec RID brute forcing to get a list of users.

I also did the same

but got errors on my way

Are you using smb for netexec? What username file are you using? I am using one from seclist.

I used ‘guest’ for the username and an empty password ‘’ and explored an argument called --rid-brute


When I try to use “--asreproast” I get an error
"SyntaxWarning: invalid escape sequence ‘-’"

OSCP training material didn’t show me that one. THANKS! That’s going into my notes.


Hm, never used -asreproast before. I didn’t need to use it to get a list of users. Are you trying to do something different?


Ungh. Took way too long to get user. Remember the -a flag in all your tools.

What tool? 😉

Had some fun!

What the ■■■■ are we supposed to do with the username and password?

A popular Linux tool for enumerating.

Nice box. Rooted in a couple of hours Monday morning whilst at regular work.

Definitely beginner-friendly, provided you know your Active Directory enumeration techniques. Learn NetExec.

I’ve written a full writeup, so if anyone wants to DM for a nudge, feel free. I can refer to my notes if I forget.


How about that PE? Any hints?

Basic user enumeration should quickly point you in the right direction.

This box is really good for anyone who wants to learn Active Directory pentesting and wants to try some techniques.

Caps off

Hi! Can you help me with a hint on Cicada? I found the password and 2 usernames. I’m not really sure the usernames are OK though.

I got a few hours while I work; if you want to PM me, I can give you some hints.

Remember that nxc is not only smb. Try others like winrm, ldap; it could give you different output, then you can dive deeper using other params.