Official Cicada Discussion

congrtats

Owned a couple of days ago, if someone needs a hint dm me

I am stuck, winPeas and mimikatz aren’t working so far…

Feel free to ask question about this machine.

Enum4linux-ng or smbclient…each use as you find them. One has more privileges than the rest. You will know what to do with that as port 80,443, and 22 are closed…how else to log in. What tool allows you to do that?

Same issue…maybe JAWS? Maybe have to manually enumerate AD…

Ok i found a password that works for m*.w*. what do i do with said creds?

This is the first AD box I have ever attempted. A nice introduction for beginners, showcases how important enumeration is. Happy to help in DM’s.

Can anybody help me with Cicada box ? I just found username that matches with default password and stuck here. I try all the ways that I know to use this credentials but I didn’t get anything. Pleas can someone provide hint for me ?

Can you help me with Cicada box ? I just found username that matches with default password and stuck here. I try all the ways that I know to use this credentials but I didn’t get anything. Please can you help me ?

Continue to enumerate, just use those new creds. A few more users can be found the same way; then also you will see privileges. One has more privileges. Thats the one you are looking for.

Tried certify, rubies…didn’t work. Got JAWs to work. Really need to enumerate more…

Actually, it’s a cool box. All you guys need to do is pay attention to the outputs of your enumeration tools. Just stuggle beacuse of a non-sense missing of the credentials running infront of my eyes for 10 times.

Foothold: Enumerate the available services; it’s all there. When you don’t have usernames, you can obtain them through other numerical enumeration assigned to them. After obtaining credentials, recycle the same enumeration process using common utilities and pay attention to the outputs, as they will reveal the next user. Repeat this process. Then you will have a foothold.

Root: Pay attention to your tokens. Easy root.

1 Like

Rooted it. This box was great to practice AD enumeration since some tasks was conducted repeatedly to really make sure you learned it (or something) :smiley:

Foothold:
Just enumerate a lot. Use basic tooling which is found in Kali. Nmap, smbmap, enum4linux…
However, Netexec was super useful for coming anywhere. Read the docs and use it!

Root:
Some users could have more privileges than others. Don’t forget to mount stuff, could be very helpful :slight_smile:

1 Like

You mentioned tokens, I am super curious to what tokens you are talking about? I used 0 tokens during this box. Were there more than 1 way to pwn this one? :slight_smile:

netexec was really perfect on this one!!! congrats!

1 Like

guys what wordlist should i use !!! i tryed everything

I saw that suggestion in here too and it really came through for me.

the same tbh