Official Coder Discussion

Same issue here. I even created scheduled tasks to run every minute, but they dont seem to be connecting back to me :confused:

Loving this box so much, learned a lot, getting close to root now. Many thanks to the creator!


Someone can help me with the last privesc? i dont know what to do with the pki group




any tip for foothold to user?

Can anyone dm with with my last minte hail marry attempt to escalate privs on the domain? I understand my group membership and i know of two possible avenues, I just cant figure out how to actually implement the exploit. DM. Thanks.


please could anyone DM me for talk about last privesc to admin ? I would like to finish this box and understand some win privesc tactic.

Thank you very much.

1 Like

Oh sorry for taking so long to complete this machine, I only got time on Good Friday and yesterday there was Busqueda, but finally it is done :smiling_face:

And I can’t deny, it was hard, even more being my second windows machine, lost some hours getting payloads to work and even more trying to use tools that I ended up not needing

I wonder if people are still seeking help after one week of release, but if anyone hasn’t yet lost interest in this machine and needs help, you can surely send me a message, as R is always here :heart:

1 Like

Try to use RunasCS.

1 Like

Gonna need help with my crypt coding…if anyone can help I will appreciate it.

Decryption costs no great difficulty , Microsoft Document is helpful;

Or chatgpt can also help you!


Hey @Volen thanks for sharing.

I did go through this doc, I just can’t get my code to work properly. I know for sure I’m missing a step or not doing it correctly, plus my rustiness with CSharp is getting on my way.

Got the User, and now I just have to get root! This is my first Insane machine, and I enjoy that its been fairly straight forward as to what is generally next (with a few red herrings)!

For some general tips of things for the user if anyone is struggling, with some (hopefully) vague keywords related to what. This is my first post, so if its too much info, let me know and I can remove!

crypto: If you are stuck with cryptography, think about what is needed to break it and think about what data you have access to, even if not directly,
pass: If something takes way too long to compute, think of other less costly approaches to get the same result. Timely brute force (probably over an hour, even less probably), is possibly too much time.
web: If you are stuck when logged in, do research into what the purpose of this server is. With this in mind, what permissions do you have, and how could you use this to progress further towards the User? If you are seen as malicious, look into what does this, and how to evade it (it is not anything high tech or new).
foothold: Enumeration is key here. An error received earlier may be helpful, but not needed. If stuck on putting pieces together, look into documentation and what form things should be in

A tool that might be helpful for some things on this machine if you dont use it already is CyberChef! Its a great cyber multitool for dealing with different cyber things, like cryptography, encoding, files, etc.

1 Like

■■■■ what a ride! Finally got it:

Many thanks to @Volen and teammate @BlackMamba !

1 Like


Anyone can help me about the Privilege Escalation?

  1. I guess it should do with AD CS & try c***y tool, but it is blocked by the AV

  2. another trial with Re**s tool and it is also blocked by the AV

Any idea to escape the AV checkings? :grinning:

You can use some obfuscator to bypass AV: like NimPackt

anyone encounter the same problem that upon successfull login with the 2fa password, you dont get a cookie or anything and it sais the server is performing cleanup? Is this supposed to be the case, am I doing something wrong or is the machine broken? Any help is appreciated!!

Greetings dear community,

Windows is new experience for me , I have dont with nmap scan and found smb is there. But unable to proceed any further. I would appreciate your guidance to solve and learn more about windows .

Hey, is it possible for anyone who achieved root to do a sanity check for the privesc method? I keep getting the error KDC_ERR_PADATA_TYPE_NOSUPP(KDC has no support for padata type), and everything I find points to there being a fault in the machine. I tried reseting the machine, and some other methods, to no avail. I am also almost positive that the approach im doing is the correct way based on being 1 step away from root, the theme of the box, and other indicators that show its the correct method.

Just confirmed that this is now impossible to do if you are getting that error!

To fix it, you must as administrator (such as getting a friend to or some method) run “gpupdate /force”, and then it will be possible through the method that originally wasnt possible

TLDR: The machine should be running “gpupdate /force” occasionally to fix a certain issue