Hey guys if someone can give me a hand.
ive tried with ldapsearch but i didnt find the password of the first user am i on the right path ???
got root but tried to replicate if again but cant seem to repeat this time, does seem inconsistant
Rooted. Really fun machine that I learned a lot from.
For that other user, not everything is immediately visible…
I would really appreciate anyone sharing their enumeration tips as to how the root path was uncovered via PM. A friendly green vegetable didn’t reveal that…
After 2 days finally rooted that box. Biggest challenge for me was using Powershell with those brain-damaged Get-ChildItem. And finding way to compile Windows DLL on Linux. Great box though, very entertaining and real-life feeling. Thanks a lot @egre55
Rooted, onto Cascade! PM for nudges/help. Respect greatly appreciated (and expected, as I give respect to anyone who responds to one of my messages or helps me on Discord - profile link is Login :: Hack The Box :: Penetration Testing Labs).
Really cool box. Especially if you’re new to Medium level boxes, this would be a comfortable start.
HInts!
User: If you’ve done boxes Active, Sauna and Forest, follow the same methodology and READ EVERYTHING!
Root: Enumeration is key. look for not so obvious files then look at who you are on the box.
I would appreciate some nudge here, second user ok, I can see this guy is in ds***** group, so i prepared my d** with **f***m however I cannot take it to the machine, Doesn’t seem the AV at all, I tried to upload it with http and smb but nothing, any hint here? thanks!
Or in the other case, which module of mc**** should I use!
@aldebaransec said:
I would appreciate some nudge here, second user ok, I can see this guy is in ds***** group, so i prepared my d** with **f***m however I cannot take it to the machine, Doesn’t seem the AV at all, I tried to upload it with http and smb but nothing, any hint here? thanks!
smb is your friend here.
Dont try to upload it and store it on the server, have the service call it.
Hello!
Probably the best box since I started hacking the box.
A few clues even though I think that said it all.
User: Enumeration is the key (again). If you don’t find it quickly, you’re probably missing some notions for windows enumeration. Try to find a box that had the same services and look at the enumeration techniques on Write Up. There were as many as there are trees in a forest.
User2: The answer is given in the first 10 pages of the forum…
Root: I don’t think there’s much to say about that once you look at who you are, with a simple google search the box is solved.
Little tip:
- Stop believing what’s subjective. When someone tells you that it’s an easy box it can be very hard for you. For my part, there are some very easy boxes that I didn’t pass and I found it very simple.
I don’t know why some people talk about lazy administrators etc. but I don’t think you need that to succeed.
If you’re really stuck I’m available for pm (French & English)
Rooted. Nice box, a few tricks I hadn’t seen before. As I’m trying to expand my windows skill this was very educational!
Much has been said about all parts of the box already, but there is one thing I got stuck on when escalating to root a little bit so I want to mention this:
Be quick. Stuff resets before you know it and your changes will be overwritten.
Finally done! I learnt a lot from this box. Just amazing. And advice I can give you is that if you’ve found the way to get root, be careful while setting up the tools you will need, you may be right in your path, yet you may be using the tools with wrong syntax. Try harder!
has anybody had issue with restarting d** service?
Edit-Rooted using the intended way. i had to stop d** twice and start it twice to get it to restart.
Notes overall
hints on the forum are pretty good to get you moving. I would say this was a very real life kind of box. User2 really got me waste sometime but when i saw it, i realized the fun part of it as in real world too admins make similar mistakes, beins unaware what they are sending in a command…
Root- was fun, service thing pissed me a bit as i thought it might have gone corrupt due to multiple attempts. At the end it was really a fun box. multiple attempts made me perfect the technique, i mean every bit.
Good job creator.
need help cat ain’t responding even after following the ds way. Hosted the payload in sb
I am stuck trying to own the 2nd user.
I tried everything written on the forum. I know i am missing something but i just don’t get it. I am not really good with Windows so i want to improve.
EDIT : lol found it but i don’t know if the way i found it is “the way to go”. If someone can explain me WHY did i found them HERE 
Can someone please explain to me why for e****-w**** the user has to be “\[username]” and NOT “MEGABANK\[username]”. This issue costed me 2 hours.
Rooted!! Thank you @egre55 I learned soooooo much about Windows enumeration techniques…and commands LOL. Loved the clues you left! PM me for help!
Great box, just rooted!!
I am new on htb and this was my first root box. I have some backgroud on system admin but this is an all new world. Ty for the hints guys
Hello All
I think I need just a little help
I got the cred for the 2nd user, I see the associate service and how to injecte a file
but that don’t work… :neutral: