Sauna

found one valid user but no roasting here

I got H*** S**** with an enum, but impossible to find his SID or his username… Any hints ?

Is AD atack is related to IPV6?

just observation… apart loren ipsum stuff there is also a bunch of random letters in tags. any use for them?

Found a valid user but cant find valid pass to go further. Must be missing something simple?

Type your comment> @olsv said:

just observation… apart loren ipsum stuff there is also a bunch of random letters in tags. any use for them?

The Team page is a very common place to get names from which to create some lists of username guesses. But not much in the 'ol lorem ipsum really.

One of the words that cewl gathered is actually a user, but I have no idea where the hell it came from.

Just do it!

Yes don’t use any tools. It’s overkill !

Note : Still struggle on the root part

Type your comment> @godylocks said:

For user:
Use the same methodology as the Forest box
Search the webpage for users and try every combination of naming conventions

aw man is it another guess the common password config game. I assumed it was gonna be a little more involved than that

EDIT: Ah good, it wasn’t that

No, it’s just a listing of each user and some manual work on it :blush:
Think like the admins of the company

Owned user on this box! Now going for root.

User is relatively easy if you have done Forest and Monteverde. Any hints for root?

Type your comment> @sp00fer said:

User is relatively easy if you have done Forest and Monteverde. Any hints for root?

I’ve finally got it, but I gotta say it was considerably harder than how it was in the other machine you mentioned where GetN******* just found the info without you having to even know the username. In this one you actually need to take an educated guess at the username before you can get the info from the script I mentioned, unless I’m missing something.

@VbScrub said:
Type your comment> @sp00fer said:

(Quote)
I’ve finally got it, but I gotta say it was considerably harder than how it was in the other machine you mentioned where GetN******* just found the info without you having to even know the username. In this one you actually need to take an educated guess at the username before you can get the info from the script I mentioned, unless I’m missing something.

(Quote)

Yeah man, I use other command for obtain the info, but now I need a pass :smile:

Nice box , i was in rabbit hole for some time , but it was more simple than i thought

I’m on edge-eu-vip-24.hackthebox.eu
and the box responsiveness is absolute garbage on smb port

I’ve got some creds that I know are allowed to Powershell in, but the powershell service seems to be down now even though it was open during port scan earlier… can’t even telnet in to that port. Might have to do a reset

EDIT: After a reset all worked fine, so I’ve got user and now on to root :slight_smile:

@VbScrub said:
I’ve got some creds that I know are allowed to Powershell in, but the powershell service seems to be down now even though it was open during port scan earlier… can’t even telnet in to that port. Might have to do a reset

working on my end, but the box is being raped by everyone atm

got user on to root
needed a git pull for the tool to connect