Sauna

VbScrub · February 15, 2020, 8:05pm

Type your comment> @gverre said:

Is the user H… S… the good path?

That’s the only user I’ve found so I assume so, but trouble is I can’t get anything more than his full name. Can’t get username or anything like that

Crafty · February 15, 2020, 8:11pm

Found only one user and every tool related to the attack hinted in the website are not working…

grav3m1ndbyte · February 15, 2020, 8:12pm

LOL…I just started it, it hasn’t been up for more than an hour and half, and the two bloods were taken already! damn!

olsv · February 15, 2020, 8:19pm

Found user s…a, but don’t see a way to utilize it

cerebro11 · February 15, 2020, 8:19pm

Rooted !

Some hints :

PM if you need more help !

jps3 · February 15, 2020, 8:30pm

What? They can’t print money? Guess that would be a RICO[h] act violation.
(Inside job, er joke.)

FlatMarsSociet · February 15, 2020, 8:42pm

Are you guys using a linux or a Windows attack box?

knuijsting · February 15, 2020, 8:43pm

kali here

sazouki · February 15, 2020, 8:47pm

found one valid user but no roasting here

BlWasp · February 15, 2020, 8:52pm

I got H*** S**** with an enum, but impossible to find his SID or his username… Any hints ?

maro584 · February 15, 2020, 9:02pm

Is AD atack is related to IPV6?

olsv · February 15, 2020, 9:03pm

just observation… apart loren ipsum stuff there is also a bunch of random letters in tags. any use for them?

holsick · February 15, 2020, 9:27pm

Found a valid user but cant find valid pass to go further. Must be missing something simple?

jps3 · February 15, 2020, 9:28pm

Type your comment> @olsv said:

just observation… apart loren ipsum stuff there is also a bunch of random letters in tags. any use for them?

The Team page is a very common place to get names from which to create some lists of username guesses. But not much in the 'ol lorem ipsum really.

olsv · February 15, 2020, 9:34pm

One of the words that cewl gathered is actually a user, but I have no idea where the hell it came from.

godylockz · February 15, 2020, 9:49pm

Just do it!

jugulaire · February 15, 2020, 9:50pm

Yes don’t use any tools. It’s overkill !

Note : Still struggle on the root part

VbScrub · February 15, 2020, 9:52pm

Type your comment> @godylocks said:

For user:
Use the same methodology as the Forest box
Search the webpage for users and try every combination of naming conventions

aw man is it another guess the common password config game. I assumed it was gonna be a little more involved than that

EDIT: Ah good, it wasn’t that

jugulaire · February 15, 2020, 9:55pm

No, it’s just a listing of each user and some manual work on it
Think like the admins of the company

T13nn3s · February 15, 2020, 10:23pm

Owned user on this box! Now going for root.