Hints please, or walkthrough, I’m a total noob
Hello! Can someone help me how to transfer zip file in the window machine to my attack machine.
I have the valuable information from the pdf, enumerating the DB with no success. Any hints to move forward?
I had a same issue. Just set box machine as NTP server for attacker machine when signing ticket. Maybe it will be helpful for someone.
Hello,
I’m stuck in the first phase. I’ve gained access to the database using the credentials provided in the PDF. Could somebody give me a hint?
Thanks in advance.
Finally got the admin. Ask for any hints. Thanks to the author for this machine!
ESC1ape?
Oh! I see
My first AD-ish machine, definitely lots to learn! Finally rooted, just had to know the tool names Good machine @Geiseric
Hello, could someone help me, I already got the theme of the pdf. And I connect to the base but with the guest account. I don’t know what else I can do, could you please give me a clue.
To get User Think like a junior , to get root think like a psychopath "check the get-u output with ‘proprty *’ and look at the difference between the scd user and other domain users , juste cp and past the keyWord and dork it 'abusing keyWord in windows, ’ " and you’ll able to get root easily.
Just got back to this box to have a go at root again. The cert.pfx
file isn’t showing up in C:\Users\Ryan.Cooper\Documents
like it once was before… anyone else having this issue?
I’ve tried resetting the machine twice but still nothing…
You must put your own .pfx file . if you has found a .pfx file in “~/documents” that mean is not yours . however follow the above step that i gived and you must able to create you own .pfx file on your attacker machine and download it to the victim machine from there you can use this file to brutalize admin.
Hey guys, this is my first attempt to root a windows machine, i don’t even know where to start. Can someone please give me some hints on how should my initial approach be? I’ve performed an nmap scan and seen quite a goos amount of open ports with some interesting services. I’ve been following this tutorial that i’ve found online, is this a good place to start? 389, 636, 3268, 3269 - Pentesting LDAP - HackTricks
Hi, can someone please help with a technical issue?
I’m in the final step but something isn’t working
on google type “sqsh enumeration” select the first link and go ahead bro you can do it.
Hi, once I have cracked the NTLMv2 hash for sql_svc, what can I google to continue?
What questions I should have asked myself in order to keep going? I tried ASREP roasting with a list of users got from rpcclient, but no one from this list seem to be vulnerable.
Hmmm
Thanks in advance
EDIT:
- When you get credentials, search for any services up on the machine (like remote access) where you can enter those credentials.
I have finished the box but decided to do it again. This time I can’t seem to get evilwin-rm to download a file. The command says it was successful but I can’t find the file. I just did this last week. No idea whats going on . Is this the correct syntax “download root.txt /home/kali/HTB” ?
To the poor souls out there struggling on this machine, a critical piece of information that no one gives about this machine is:
Enumerate PKI, and you will find your way.
Whenever I need to send a file from windows to my kali, I do:
- set up an smb server with impacket’s smbserver.py
- mount the share on the windows
- send it via powershell