To those that are really stuck, here are my hints:
Summary
Foothold: Basic enum (make a note of WHAT you find), cracking, googling how to use it.
User: As already mentioned, look into the past. Use what you find to reconnect (I used a GUI tool) and search for “it” (recall what you found earlier). Again, Google will help here.
Root: Reconnect with “it”. Done.
To the mods, if I have given away too much please remove it.
I’ve gotten the p** file and have the k** and c***, but am completely stuck on what to do next… Been trying loads of ldapsearch and researching switches… Maybe I’m barking up the wrong tree
Search how to use it.
AD enumeration is a waste of time for this box, although the last step involves a specific AD query.
(I wasted a lot on it trying to switch from user to another account for root, until I reread the hints from this post)
User: Basic enumeration should get you the interesting item. Figure out how to use it properly
Priv esc: a favorite script will show you the way
Root: I used BloodHound but totally unnecessary
If you’re stuck feel free to reach out, but please let me know where you’re stuck and what you’ve tried
So, new to this, hence asking… I’ve probably missed something in my recon, s******** to /D** and found a .p** file, used z2****, but blank when I try to create .p and .c**, confirmed I couldn’t import into b********* without a pa******, so I’ve missed or not found this…
That is a very cool machine. I struggled a bit with the foothold, kind of misinterpreted the info I got after obtaining the thing and decrypting it. But after a little nudge from @cmoon, @ooscubyoo kind of realized that I was doing it wrong. Once I figured it out I got foothold. Then after running the usual enumeration script I found the way to actually read smt more and read the root flag. So I didn’t have to do priv esc. It was more like using the info from the tool to read smt related to the thing we found in the beginning. So if anyone is stuck feel free to PM.
Hi, it’s been a long day with this machine and still stuck in the beginning. I have that file that we have to transform from .*** to .*** not spoiling the extension. Already now it’s not crackable since I have tried the whole rockyou. Seriously need a path to investigate, appreciate if someone can enlighten me.
I’ve been stuck for a long time, I’ve got the .p** file and split it into * separate files - but I’m very very unsure what I use them for. Any nudges/hints would be greatly appreciated.
You can crack this with Kali out-of-the-box, or download a utility to do it in a single step (DM me for more info on this). If you just want to stay with Kali (or probably ParrotOS too), think of one of the most popular cracking tools… With that in mind, think of first converting the .p** file to a format for that cracking tool.
Hint 1: You may have used this tool to crack the initial zip file. If so, repeat the process for the .p** (convert, then crack)
Hint 2: The convert tool ends in .py, so you can LOCATE it using the full name p _ _ 2 _ _ _ _.py
I’m trying to keep this fun without spoiling, so if this is still no help, DM me and I’ll happily explain in better words