Sauna

Get user :wink:
Now root.

Got root!

PM for nudges

Spoiler Removed

Still looking for a way to privesc using CVE. Is there anyone who managed to get it working?

Spoiler Removed

okey got svc**** password any hint what to do next is it involving create silver ***** ?

Spoiler Removed

People pls,

Dont spoil the solution by commenting “this box is just like box x or y”

This is more a spoiler than a nudge…so dont comment like this in public and save these pointers for DM.

Thnx ??

This box is actually a Copy Paste lol

Spoiler Removed

Type your comment> @Xtronum said:

I’m at a complete loss here. Can’t even get user. Just started HTB last week did a bunch of Retired machines the last couple of days. Saw a new ‘easy box’ and figured it would be my foray into the active realm. Boy was I wrong. Any retired boxes I could look at that could help me brush up on the tools and skills I need for this box?

Sounds crazy but i suggest going for the hard ones … There is an tendency for easy boxes to be a mess and more ctf-ish and for hard boxes to be more up to logic and easy. No offense to the creators … just my opinion.

Type your comment> @CiccioPas said:

This box is actually a Copy Paste lol

yeah if the alternate way to get root that I’m currently working on turns out to be a rabbit hole then this machine is basically just the spoiler removed machine with some very minor changes :confused:

Spoiler Removed

I just want to say…I feel stupid. Something I need to learn is not to rush through when doing these boxes. Thanks @n00py

Got my 30 points for this fantastic and realistic windows box. Thanks @egotisticalSW for the work <3

User and Root part are easy to do from a linux box. So no need for a windows vm here.

First part: Yes, very basic guessing is needed for the initial part. I used metasploit to test my guesses and got some errors i did not look at. This took me hours. Plz, if you get errors don’t overlook them.

User: There is a very handy collection of Python classes for the user and root part. As @cerebro11 said:

  • For user : google “AD attacks” and try to find valid users

Root: Enumeration is the key. Use basic windows enum to regognize. Do not overthink it. After that the handy collection may help you again.

Thumbs up for @Mast3rM1nd to give final impulse to crack the box.

PM here or poke me on discord (mab#4866) if you need help.

Rooted !!!
Enjoyed refreshing the techniques and concepts.

Hints:
User: Think about the general naming conventions of the user accounts by the admins
root: Basic windows privesc methodology would be enough :slight_smile:

Still facing difficulties??? PM for nudges, as always happy to help …

@breakndenter said:
Type your comment> @Xtronum said:

I’m at a complete loss here. Can’t even get user. Just started HTB last week did a bunch of Retired machines the last couple of days. Saw a new ‘easy box’ and figured it would be my foray into the active realm. Boy was I wrong. Any retired boxes I could look at that could help me brush up on the tools and skills I need for this box?

Sounds crazy but i suggest going for the hard ones … There is an tendency for easy boxes to be a mess and more ctf-ish and for hard boxes to be more up to logic and easy. No offense to the creators … just my opinion.

Interesting suggestion, I’d like to test it out :slight_smile:

Is there a particular hard box that you have in mind?

Type your comment> @FF0066 said:

@breakndenter said:
Type your comment> @Xtronum said:

I’m at a complete loss here. Can’t even get user. Just started HTB last week did a bunch of Retired machines the last couple of days. Saw a new ‘easy box’ and figured it would be my foray into the active realm. Boy was I wrong. Any retired boxes I could look at that could help me brush up on the tools and skills I need for this box?

Sounds crazy but i suggest going for the hard ones … There is an tendency for easy boxes to be a mess and more ctf-ish and for hard boxes to be more up to logic and easy. No offense to the creators … just my opinion.

Interesting suggestion, I’d like to test it out :slight_smile:

Is there a particular hard box that you have in mind?

Well i liked user part of Control, i liked the root part of Sniper, Resolute was fun and also had ldap involved, Registry was also great all around box … It felt like you progress trough enumeration on each step and there were no lose ends. Again this is only my opinion!

Guys read this for user!! once you know what u are doing and not getting the combination right:

rooted !!!
users is harder than the root, root is easy if u have done easy windows boxes
Thanks to all guys discussing in discord i got ideas from there.
Thanks @egotisticalSW for this box, @VbScrub for waiting me at shout box in my very last moment of rooting.

![Hack The Box](upload://7bhzo1o8aNqbgmmlAOeCU66Yoa.png)