I m waiting for reverse connection at initial attack, how long?
Type your comment> @mitoOo said:
i’ve found a file as a****a which contains hashes , even after resetting thebox
cracked those hashes and got a password for each , but can’t login with either … any help?
same… need some help here
Type your comment> @mitoOo said:
i’ve found a file as a****a which contains hashes , even after resetting thebox
cracked those hashes and got a password for each , but can’t login with either … any help?
me too
Im trying to connect to wm service using aa c**rt, any suggest?
Any thoughts how to request a certificate? I imported root cert and crls, but a****a doesn’t have an access to certsrv
Edit: I messed with dns, now it works
Thanks @mrb3n and @lkys37en for the most EPIC box I have ever had the pleasure of rooting during my time on HTB.
i learnt so much and as a result now have a notebook full of resources, techniques and tricks to use when working with AD. I also met some very knowledgeable people along the way who helped immeasurably.
I wish all boxes on here were like sizzle, It felt like what I imagine a real engagement would be like and there were no trolls, pointless rabbit holes or other fluff to trip you up. Cheers!
Finally I have root (Admin), thanks to @mrb3n and @lkys37en for the box, If somebody heeds help, PM me.
This box is a must for anyone working in an enterprise environment! This journey took me to the limits, even more than ethereal. Thanks to @kekra for his hints and discussions, wouldn’t have done it without you bro!
And thanks to the makers @mrb3n and @lkys37en! Looking forward to “Fizzle”!
I wonder if someone else also found a shortcut directly to user and root after getting a****a on the box (probably not intended)? Already contacted the authors but didn’t hear back yet.
As always feel free to PM for hints!
Type your comment> @spoppi said:
This box is a must for anyone working in an enterprise environment! This journey took me to the limits, even more than ethereal. Thanks to @kekra for his hints and discussions, wouldn’t have done it without you bro!
And thanks to the makers @mrb3n and @lkys37en! Looking forward to “Fizzle”!I wonder if someone else also found a shortcut directly to user and root after getting a****a on the box (probably not intended)? Already contacted the authors but didn’t hear back yet.
As always feel free to PM for hints!
I feel like I’m very close! I have my reverse shell as user a****a, however I’m missing a step before I can get the user.txt - Would anyone be able to lend a hand or give a nudge? I’m probably missing something obvious
Edit: resolved, disregard.
Completely stuck on using the cert. I think I know the attack vector but I keep getting a weird ■■■ error that I still can’t find a way to solve. Looking for a nudge on the right direction
Hey guys, i’m completely stuck at the initial step. I’ve been enumerating eveything i could see but i can’t find anything interesting. I’m probably missing something … Could use some help, can someone PM me (on main site, not forum please) ? Thanks
Just wanted to stop by and say I loved this machine! Thank you!
Loved the box, the harder is by far getting that user. Once you have user its actually quite simple if you have the knowledge on enumeration and attacks on AD. Great Box overall 
Wonderfull box. I learnt so much from it about windows and active directories and discovered so many new tools.
Thanks a lot!
I’ve got a hash for a user, but hashcat it taking FOREVER to break it. Does the password appear in a password list, or do I really need to leave HC to do its thing?
Try John with jumbo patch breaks it relatively easily
I’ve got the initial creds and some files using the creds and the service, trying to login using w***m using the creds and also with certificate but with not much luck, can anyone please point me the right direction?
Type your comment> @chinpaku said:
I’ve got the initial creds and some files using the creds and the service, trying to login using w***m using the creds and also with certificate but with not much luck, can anyone please point me the right direction?
Check your cert. It has to be created from u******t template