Are you sure you are connected to the right VPN?
Incredibly frustrating so far, not because of the machine itself but because of the tools you need to be using. Just one thing, if none of the tools work for you try using single instead of double quotesā¦
Wow. The evil program was giving me problems since the day this machine released ( HTTPClient::ReceiveTimeoutError ). I finally figured out that turning off my host machineās VPN solves the issue. Iāve seen people post this issue in other machine discussions but never a solution ā so I thought this was important to share.
1 Like
Iāve got User access to the box, currently navigating using Evilā¦ I think I have the foothold for Admin but my ticket there does not seem to be working. Any help or a DM is much appreciated 
Got it! Make sure your hostnames are correct and yes, in some cases it is better to use Linux alternatives.
Hit me up for an assist.
Iām stucked on rubeus part ticket created but showing access denied how to proceed further
Someone helps me to find username? Ive already the password analyzing the executable file.
You have access to multiple SMB shares. Look up what you might be able to do with the share you havenāt used yet.
Could someone help me? iām at the end of privesc. I followed the guide about obj takeover and used the windows tool, but at the end, i cannot list admin files.
Hi
As I have no experience in coding, how do I get the PW from the decrypted key? I tried but have failed many times. Tks.
Hi Lddj90,
What do you have so far? If you can see the decryption key, then you are looking in the right place.
The approach I took was to try the support-tool, just to see what it does, and then used ādebug modeā to ābreakoutā at a point where I could see what I needed.
Hope this helps.
Hey guys Iām a bit lost on the lateral move/priv esc. I was able to obtain the creds for a user from a very spicy file. I used those creds with bloodhound and found a user I think I need to use su**** however I am a bit lost on how to obtain itās creds/hash. Any hint or DM would be appreciated.
Ok I am new to HACKTHEBOX and I think that I am stuck right now in this machine. I got the l*** user credentials but I couldnāt do anything with it but some domain enumeration. I think that I am missing something here
I have found the goodies in UserInfo.exe I am using dnSpy to see how they are used in the code. I feel I have what I need to log into ldap. No luck. I feel like its a misuse of ldapsearchon my part. Any help?
guys, can you tell me step by step how to capture the flag in support machine? I tried to do it with xfreerdp - no possible, tried with smb but i canāt open zip files. Please help me!)
I am also new hereā¦can any one tell me that smbghost gonna work on this box or not?
I have decrypted the password in UserInfo. Trying to use ldapsearch with the decrypted password, and what I believe is the username as shown in the code line:
this.entry = new DirectoryEntry(āLDAP://support.htbā, āsupport\ldapā, password);
Keep getting authentication errors.
EDIT: got it. And the missing cred for my evil friend.
Very good box, maybe a bit challenging for someone who is new at windows and AD pentesting like me. One piece of advice for the PE part try to execute it from your box with the linux tools that are available. I had some trouble trying to do it with the windows equivalents.
1 Like
Can somebody give me a nudge?
I have the user flag, took the dog for a walk, got what I thought was the privesc route, but Access_Denied.
Whenever I try to do that, I keep getting encoding issues after it appears to be working. Have tried on several different Kalis ā¦ Any ideas?