Sauna

Got user.

Coming from another box, I could identify the path to root just by listing permissions manually with the native windows tool.

Now researching privesc to that user.

Is the user H****h a rabbit hole?

EDIT: rooted

Dropped some peas to catch second credentials, but could not identify the path manually. Nudges?

I am having trouble getting started, I enumerated what appears to be pretty important on this machine, but still not receiving creds. Could use a nudge (I have a feeling LDAP is an important part to the foothold?)

Type your comment> @instasec said:

I would just like to put my two cents in, with all the misinformation out there, you do not need to guess to get the initial username needed. There are tools to find the list of usernames on this box.

Can you send my a PM which tools I have to use therefore?

his is my first Windows box and I’m quite stuck. Someone for a PM nudge in the initial foothold? Thanks.

Type your comment> @xmvrvg said:

his is my first Windows box and I’m quite stuck. Someone for a PM nudge in the initial foothold? Thanks.

Start with basic enum

@xmvrvg Simple passive Informationen gathering. After that a known toolkit will help you.

@VbScrub youtube Channel is a very good source for some Basic AD things, you can use here :slight_smile:

Started this box last night. Got user, similar to some other AD boxes for foothold. On to root.

Ok so i think i have the user accounts but all efforts to come up with a password have failed. I know i can access 2 things anonymously but haven’t been able to figure out how to proceed. looking at 2 ways in based upon my scan. who can PM me to nudge me in the right direction? I dont want to share what i did to spoil so i kept it vague. HELP!!!

Hi, can someone please point me to articles on how to successfully copy files on to Victim to execute specifically using evil-**rm.

@idevilkz said:

Hi, can someone please point me to articles on how to successfully copy files on to Victim to execute specifically using evil-**rm.

Finally, I got root.

Thanks to @kalitkd for clarifying some steps in order to complete this box. If at some point, I could help someone else, please let me know.

pp123

Can anyone please help me i tried to find the user’s with basic tools but can’t find any thing i also try with team member’s name in their web but can’t get any thing ???

can someone please tell me how to download files onto my kali system from evil.
I am using download filename, it says successful however nothing appears. I also tried adding /home/foo/bar but no joy.

Type your comment> @pagal said:

Can anyone please help me i tried to find the user’s with basic tools but can’t find any thing i also try with team member’s name in their web but can’t get any thing ???

you need to look for a very basic naming convention which is in use in nearly any domain environment.

Type your comment> @idevilkz said:

can someone please tell me how to download files onto my kali system from evil.
I am using download filename, it says successful however nothing appears. I also tried adding /home/foo/bar but no joy.

For what it is worth, for me putting the paths in the command to start evil did me no good. I just used “download fileNameOnTarget fileNameOnKali” and the file was placed on my Kali box in the directory from which I ran evil to connect.

Type your comment> @pagal said:

Can anyone please help me i tried to find the user’s with basic tools but can’t find any thing i also try with team member’s name in their web but can’t get any thing ???

If you have not already, read through all of the existing comments. There are some extremely helpful hints on pages 4, 5, and 7.

The key is finding the right tools. Googling “active directory enumeration kali” may be helpful.

And, don’t over think it. @somecanadian was kind enough to remind me, and that simple statement got me to “root” after days of hitting my head against the wall because I was really overcomplicating it.

Hey all, might’ve remade the wheel here but I wrote a Python script for generating usernames. Should be pretty useful for this box. Check it out - GitHub - dpdug4n/UserNameListGenerator: Generates a list of usernames based off of common naming c

Type your comment> @Kolisar said:

Type your comment> @idevilkz said:

can someone please tell me how to download files onto my kali system from evil.
I am using download filename, it says successful however nothing appears. I also tried adding /home/foo/bar but no joy.

For what it is worth, for me putting the paths in the command to start evil did me no good. I just used “download fileNameOnTarget fileNameOnKali” and the file was placed on my Kali box in the directory from which I ran evil to connect.

thanks. I must be doing something basic wrong.
I have generated the .zip within Documents folder.
I am typing download filename.zip fn.zip

it tells me check filenames or path???

can i get some format help with the cat or the rip? anyone anyone…buller :smile:

Type your comment> @idevilkz said:

Type your comment> @Kolisar said:

Type your comment> @idevilkz said:

can someone please tell me how to download files onto my kali system from evil.
I am using download filename, it says successful however nothing appears. I also tried adding /home/foo/bar but no joy.

For what it is worth, for me putting the paths in the command to start evil did me no good. I just used “download fileNameOnTarget fileNameOnKali” and the file was placed on my Kali box in the directory from which I ran evil to connect.

thanks. I must be doing something basic wrong.
I have generated the .zip within Documents folder.
I am typing download filename.zip fn.zip

it tells me check filenames or path???

Hmmm… that is odd. If filename.zip is the file on Sauna you are trying to download your kali box, that should work. Try making your evil connection without any of the “path” options.

There is a really manual way to get the file across if the evil download won’t work.
PM me if the download doesn’t work and I’ll explain.