Sauna

Starting the thread for this new Windows box from none other than the machine approving man @egotisticalSW himself

Hype Train Incoming!

I bet first blood on 27 mins…

###OBV NOT FROM ME

Type your comment> @davihack said:

I bet first blood on 27 mins…

###OBV NOT FROM ME

Hahahaha you know it

instructions unclear. Put my PC in a sauna.

Damm, I’m ready!!!

roast that dog lol

first blood and i’m not even finished scanning.

no particular information regarding the classic enumeration, the null sessions seem not to work. Maybe the only solution is to study the website and think of a rev shell but it’s all very slow :cold_sweat:

LOL This scan is taking painfully long time. Nmap says that it’s one hour remaining in my case. Is this machine under THAT much load right now?

Type your comment> @Bl4ckB0y said:

LOL This scan is taking painfully long time. Nmap says that it’s one hour remaining in my case. Is this machine under THAT much load right now?

I often can’t even connect to the box.

Machine is working fine for me on EU Freem but so far its really kicking my ■■■ for an easy box lol can’t get an initial foothold at all.

Found plenty of open ports but absolutely nothing useful on any of them other than the domain name. Studied all the source code and HTTP requests on the website and got nothing useful, no anon access to SMB or anything else, and even though I can get some very basic info from L*** I can’t actually get any usernames or anything interesting. Dirbuster didn’t find anything on the website either and its all just plain HTML with no javascript to look at or anything like that, so I’m pretty stumped and might have to resort to just throwing random impacket scripts at it lol

same here bro! and for the rest of my team…

Type your comment> @VbScrub said:

Machine is working fine for me on EU Freem but so far its really kicking my ■■■ for an easy box lol can’t get an initial foothold at all.

Found plenty of open ports but absolutely nothing useful on any of them other than the domain name. Studied all the source code and HTTP requests on the website and got nothing useful, no anon access to SMB or anything else, and even though I can get some very basic info from L*** I can’t actually get any usernames or anything interesting. Dirbuster didn’t find anything on the website either and its all just plain HTML with no javascript to look at or anything like that, so I’m pretty stumped and might have to resort to just throwing random impacket scripts at it lol

I am in a very similar situation lol

Is the user H… S… the good path?

Type your comment> @gverre said:

Is the user H… S… the good path?

That’s the only user I’ve found so I assume so, but trouble is I can’t get anything more than his full name. Can’t get username or anything like that

Found only one user and every tool related to the attack hinted in the website are not working…

LOL…I just started it, it hasn’t been up for more than an hour and half, and the two bloods were taken already! ■■■■!

Found user s…a, but don’t see a way to utilize it

Rooted ! :slight_smile:

Some hints :

  • For user : google “AD attacks” and try to find valid users
  • For root : basic enum and then check for AD rights

PM if you need more help !