Sauna

pwnshell · March 31, 2020, 9:39pm

Trying kerberoasting to get another SPN ticket, getting error

Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)

Can suggestion please…!!

bfons808 · March 31, 2020, 11:01pm

Guys,

I’m on the last step trying to get root. When I pet the cat, I consistently get this error:
[-] SMB SessionError: STATUS_MORE_PROCESSING_REQUIRED({Still Busy} The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.)

What am I doing wrong?

tobig · April 1, 2020, 12:30am

Type your comment> @Ad0n said:

Hey guys is clock skew giving anyone problems ?

if not installed:
sudo apt install ntpdate
then run:
ntpdate 10.10.10.175

then fire up your oven.

nuok · April 1, 2020, 2:58am

I’m trying to get the initial user credentials but the tool i’m using keeps coming back with “killed”. Anyone able to help me out

heisenb3rg · April 1, 2020, 5:35am

Well this box elevated my status from a noob to a hacker and made me learn a lot. Thanks @egotisticalSW

heisenb3rg

th3g3ntleman · April 1, 2020, 6:04am

Rooted !!
Guys don’t look too much into dog, Cat is your friend
PM for nudge

cY83rR0H1t · April 1, 2020, 6:16am

Type your comment> @traut said:

got both users, got hash for user A pass via s*********p, but can’t crack it with john/cat. Quite stuck here, please send help

Try harder - John can crack one hash

traut · April 1, 2020, 8:27am

@cY83rR0H1t not sure, it didn’t work on my system. But turned out (thanks @RedDevil09 !) it is not necessary

Parttimesecguy · April 1, 2020, 2:29pm

Rooted… finally, with the assistance of @VbScrub and @thePtrPn. Still need to work on my windows and DC enumeration and exploitation, but this is a nice box for that

FatPotato · April 1, 2020, 8:04pm

how do i fix evil that doesn’t want to connect me? I get a variety of errors, but all among the line - connection refused. i tested creds on smb server, they are correct.
I resetted machine a few times, it’s not helping.
Is there maybe another tool i can use to get a shell?

NVM. i just can’t read my own notes properly >.<

VbScrub · April 1, 2020, 8:07pm

Type your comment> @FatPotato said:

how do i fix evil that doesn’t want to connect me? I get a variety of errors, but all among the line - connection refused. i tested creds on smb server, they are correct.
I resetted machine a few times, it’s not helping.
Is there maybe another tool i can use to get a shell?

you can’t fix it really. Its a problem on this box for some reason… it just stops accepting connections on that port. Reset it several times and hope for the best or report it to HTB and hopefully they’ll take it more seriously than when I reported it a while ago

EvilT0r13 · April 1, 2020, 8:23pm

Type your comment> @VbScrub said:

Type your comment> @FatPotato said:

(Quote)
you can’t fix it really. Its a problem on this box for some reason… it just stops accepting connections on that port. Reset it several times and hope for the best or report it to HTB and hopefully they’ll take it more seriously than when I reported it a while ago

This was what had made me stuck on the box for so long. What’s weird was I couldn’t even see the service running in my scans. Eventually, what had worked for me was changing my server .

stoneric · April 2, 2020, 5:18am

I had an absolute heck of a time using the evil one and uploading the peas and carrots. I could not execute, just error after error after error. I couldn’t execute the exe. I really don’t know what I am doing wrong. Oh well. Keep trying. Even tried the full path to the file, still nothing. Try Harder I suppose!

misc2342 · April 3, 2020, 3:31am

I need a tip for root. Is it normal that the password of user h***** has expired?

an0ndb9 · April 3, 2020, 6:16am

Rooted <3

Pm if somebody need’s nudge. Happy to help always

cY83rR0H1t · April 3, 2020, 7:02am

Type your comment> @misc2342 said:

I need a tip for root. Is it normal that the password of user h***** has expired?

No. Password remains the same it never expires.

juanpablito · April 3, 2020, 1:56pm

Type your comment> @nobyl said:

Type your comment> @kpwn said:

I have creds for 3 User accounts but login only works with one of them.
The account starting with s… has a long PW starting with Mo…
But i cannot login with that account. Is the box stuck?

Possibly. You should be able to connect with that sc account via e**-w***m.

Hello,
I am in the same situation as nobyl. Got s** password but unable to login …
Box was reseted 3 times and I still can’t, is there soemthing I’m missing?

Edit: got shell, had to find logon username for this account.

Wolfman000 · April 3, 2020, 8:59pm

How the heck do i copy “SomeBloodyInfo” from PS to my kali host?
Been taking a walk into the forest but the steps seem to fail.

Please assist with hints!

jfcmsb · April 4, 2020, 1:47am

Hello, first machine I’m trying, love HTB

In my case, I am either on a rabithole or close to finish.

se…mps.py got some juicy secrets but ha…at seems to fail using some basic syntax using a very well known rock file. Am I missing something?

Thanks

exzandar · April 4, 2020, 2:22am

That was my first windows box and i pwned it and i learned many new things i didn’t know before!

for the foothold: try to think as an admin, or you can read about how companies refers to employees names in emails.
for user: I really missed chicken roasting! Try to roast something.
for root: winPEAS.exe will help you in basic enumeration then find the wanted AD attack!

If you need help, just DM me and if you already pwned it you can pass-the-flag here [ The walk through of sauna box from HTB. – MagMadiat ] to read my write-up