Nice box. Although the user part took me too long, but I’ve learned to read more carefully everything I enumerate.
Now some hints, hope it’s not a spoiler.
User:
Enumerate the box like you would any other windows box. There are few tools to get user list.
Read all what you get.
What you found might be valid for someone else…
Did you get everything from nmap?
Root:
step 1: Enumerate more You don’t need any enumeration tools here. poke at every folder that you find. There are hidden secrets!
step 2: See who you are, google it, don’t overthink - the most simples exploit will work.
Banging my head against the wall on this one. This is my first attempt at any box and am stuck on the gaining root part. I have user 2, I know the AD group the user is in, I know there is an exploit for it but I’m unsure about the next step. Confused as to which tool to use next, there just seems like so many options! Can anyone provide any tips? Thanks in advance.
Banging my head against the wall on this one. This is my first attempt at any box and am stuck on the gaining root part. I have user 2, I know the AD group the user is in, I know there is an exploit for it but I’m unsure about the next step. Confused as to which tool to use next, there just seems like so many options! Can anyone provide any tips? Thanks in advance.
Banging my head against the wall on this one. This is my first attempt at any box and am stuck on the gaining root part. I have user 2, I know the AD group the user is in, I know there is an exploit for it but I’m unsure about the next step. Confused as to which tool to use next, there just seems like so many options! Can anyone provide any tips? Thanks in advance.
Finally rooted. for my first machine on HTB( or ever) it was so fun for me,
the User flag was piece of cake just enumerate and that’s it.
for root everything was so straight forward for me but that AV. i had to create my own exploit and when that works it really worth the c++ coding