Sauna

b3nd0 · February 21, 2020, 8:03pm

Droppin’ shellz on ‘em! Live that nerd life. Fly the flag.
Droppin’ shellz on 'em! Listen to me newbie, don’t laugh. Find the path mother-mother, get the hash mother-mother.

what lovely sight:

 Directory of c:\Users\Administrator\Desktop

01/23/2020  03:11 PM    <DIR>          .
01/23/2020  03:11 PM    <DIR>          ..
01/23/2020  10:22 AM                32 root.txt
               1 File(s)             32 bytes
               2 Dir(s)   7,768,162,304 bytes free

Mouse51180 · February 21, 2020, 9:12pm

Anyone willing to hold my hand?

This is my first attempt at …I don’t even feel comfortable saying hacking…lets call it beating this environment with a sloppy virtual salmon…and dont think I have gotten any useful info.

I took an online CEH course and have been over my enumeration lab and notes 3-4 times now and still am not getting anywhere. I dont know if im not using the proper tools or if I am using the right tools the wrong way. I have read through this forum posting and have read the hints other people have dropped…it still just isnt enough for me unfortunately.

It could be that jumping too far into the deep end then what im ready for…im not really sure.

I am willing to share my onenote where I have been storing all my data to prove I am giving an honest attempt and not just trying to get a quick answer.

If you might be willing help guide the noobiest of noobs…I salute you and eagerly await your PM.

VbScrub · February 21, 2020, 9:22pm

@Mouse51180 to be fair the method of getting the first user relies on one very specific script combined with a bit of general enumeration and common sense putting data together from other sources. So I would say its probably not the best first machine to do. I’d recommend trying to get the user flag on Resolute first as that’s probably the easiest windows machine flag at the moment. Having said that, if you want to stick with this box, send me a PM with where exactly you’re at and I’ll help

MadBitSec · February 21, 2020, 9:40pm

Just got Root, it was a privilege to complete this box. Thanks to @egotisticalSW for creating this box and @captainSwift for the tiny nudge that got me to root. Learned an incredible amount about AD, which will be useful when I start Forest. Feel free to DM for a nudge if you’re stuck. Stay Hungry!

Selcius · February 21, 2020, 10:20pm

Rooted !
Was pretty fun even if i had dependencies problem with some tools i’ve used.
User 1 : Always think about how usernames are made by admins and the rest you got it in you POCKET
User 2 : Windows enumeration tools are out there use one
Root : Well, straight forward when you got your POCKET full with what you need.
You can always PM me for tips if you need.

Droctapus · February 21, 2020, 11:12pm

So am I missing something? I have the creds for S**-l********* and am trying to use ev**-****m and it will not connect am I missing something?

Got it thanks cybrscrp

scoobay · February 22, 2020, 1:06am

Help Please! Got both users and their credentials. Tried the tools in my pocket, got pass the time sync error, enumerated the box more, but still nothing. A little nudge in the right direction will be much appreciated.

Edit: Got it! thanks to @Kerts for letting me know i was on the right path! Note to self, don’t run s**********p via a symbolic link folder :smdh: also this box can be really slow at times, so be patient / retry your scripts.

MrW0l05zyn · February 22, 2020, 2:58am

Sauna machine finished. It was not easy, but that is what it is, to learn constantly. Especially the service that must be exploited, which is extremely used in companies and a bad p******** c************ generates a large security breach. Private message if you need help with “Sauna”.

Thanks @egotisticalSW!

somecanadian · February 22, 2020, 6:11am

Nice box. I’m more Linux than Window so I learned some new things. Thanks to the creator. I think that the hard part is the 1st user.

PM for help ?

DarioTwitta · February 22, 2020, 12:15pm

It’s getting frustrating, why the same evil ruby tool is not working anymore? I already issued a reset

mx64 · February 22, 2020, 1:13pm

Type your comment> @DarioTwitta said:

It’s getting frustrating, why the same evil ruby tool is not working anymore? I already issued a reset

did you get the cred of the user f****h ?

DarioTwitta · February 22, 2020, 1:29pm

Type your comment> @3LI said:

Type your comment> @DarioTwitta said:

It’s getting frustrating, why the same evil ruby tool is not working anymore? I already issued a reset

did you get the cred of the user f****h ?

Thanks
I moved from VM to physical Kali and now it’s working wtf

Kerts · February 22, 2020, 1:40pm

Rooted! Nice box. PM me for hints if you need.

mx64 · February 22, 2020, 3:44pm

all the command with the evil put me 10 sec
I read all the forum and enumerate
what’s the next step after user2 for root ?

Jumecittu · February 22, 2020, 5:33pm

Very nice machine, two hours waste for a stupid “t” egoistical instead of egotistical :-/ user1 is a simple list, user two is clearly visible and administrator is a secrets****

mx64 · February 22, 2020, 6:49pm

ROOTED
thanks for every body who help me

footholder + user 1:
OSINT on website with some tool in i****t
and some el activity

user 2 :
simple wPS tool to enumerate windows box

root :
dump the secret of who you want
and with some e**l activity

FEEL FREE TO PM

davihack · February 22, 2020, 10:18pm

It was getting really hot in there!

PS C:\Users\Administrator\Documents> whoami
***********\administrator

Hack The Box

braj · February 22, 2020, 10:26pm

Was able to get root flag. Can anyone message me what misconfiguration the user had that you could s********* without being in an admin group?

love07oj · February 23, 2020, 3:03pm

Spoiler Removed

DarioTwitta · February 23, 2020, 3:06pm

Ok rooted. Easy but looking where I wasted most of the time: many hours because my Kali installation is half broken and 1 day because I didn’t read correctly the service user’s name.
To get root you need to read very well the name of the users!