I got user and I already went through history and know what I need to do but the command that I am using is not working. When I try to load A*****.dll I get an error that I can’t seem to get around. And advice?
What did u use to exploit the ldap ? Or what way did u use to get the admin pass?
thank you. I got it.
I’m having trouble with the last step of this box, but the cmdlet i need is not found and I am unable to import A*****.dll. Any advice?
So yes I can help. There is a Get function you can use w/o privs that returns the LAPS pw
I have tried that, but it tells me that the term Get-A********** is not recognized and I have been trying to fix that for a while now
thanks! that worked for me, it looks like I was down a rabbit hole trying to get another cmdlet to work. May I ask how did you come up with the command?
Google lol. I had to search intently for it
A relatively straightforward box. I enjoyed working on it 
.
User. This is classic Windows stuff. Do basic enum and you’ll discover an interesting file. Research the file format. Find out how to extract its secrets. Use those secrets wisely and you’ll own the user.
Root. Remember the stuff you found during the enumeration and recall the name of the box. Google for a bit and the answer will be obvious. But there’s a snag, something many people here appear to be stuck on: the access you have isn’t sufficient. You need to pivot. As others have suggested, history is important here, but you have to go further back than just the stuff G**-H****** shows you…
Anyone able to give a nudge? I have the .c** and .k** from .p** and a possible username from the .p** using strings. I’m trying to crack the password with cra****c for the username ly
Hi everyone. If this one is easy then I can’t imagine what a medium box is like. I went down so many rabbit holes. Thankfully the forum comments helped guide me in the right direction. To anyone still working on this one, do not give up. Just think about every open service and examine thoroughly any documents you find while enumerating. Mods please redact anything I said if I have said too much. Big thanks to the creator of this machine for providing a great education exercise on Windows/Active Directory.
WOW… took a min… or a day… don’t over think it…
There are enough hints on here that you should be able to figure it.
I got a user shell rever, but the user flag I found is incorrect, also I can’t run exe or ps1 files, is this part of the machine challenge, or am I doing something wrong? can anyone help me?
i’m in a dead end, i managed to open the file z … and p … and recover a private key now what do i do with it … i’m a beginner…thanks … give me an input
Hola, tuviste acceso al root? Yo estoy pero no consigo la flag 
Hola alguna pista como conseguir la flags de rrot ya estoy dentro pero no consigo el ,txt 
has anybody been able to install a vnc server on the box? Outbound connection working fine but session would close immediately on connecting.
Im stuck i log with administrator but i can’t find root.txt, can someone help me ? (edit :My bad found it)
1 Like
Yo estoy igual tengo acceso como administrador pero no consigo la flag root.txt