Completed. Awesome realistic box ???
Thanks to the creators.
Finally rooted… with a lot of help.
One of the best boxes ever in HTB!! Congrats to machine makers.
Rooted. Awesome box. Wish all the boxes here were like that.
Feel free to mp for help.
Finally got root. This is my first time attacking the AD. The most awesome box i have answered in hack the box i rate 10 out of 10 for this box. Also during this box i got lots of knowledge . Tnx for creating this type of box. And tnx for helpingg me out gguys. Feel free to Pm me if you want to discus.
Where did you all get the cred? I got some usernames and the place where I can write to and that’s all.
Could someone PM me regarding the last step before root?
I’m trying to run a certain tool for AD enumeration, but having a lot of trouble getting it to run
Any help would be appreciated!
Looking for a bit of help on the initial foothold on this. D*S enumeration has led me nowhere. S*B has given me an idea of what usernames might be, as well as a folder filled with files with seemingly random extensions containing the same bytes on which I can “put” files. Beyond that I found nothing in S*B. L**P seems to require username and password to get anything out of it. Am I missing something (I obviously am lol)
Gobuster found nothing on the web folders. If anything more can be shared on the forum or through PM it would be great! Thank you!
I am in the exact same situation as @Iduros. I know the s*b user. Do I bruteforce the pass?
lol, let me know if you get any farther @krypt… Meanwhile I think I’ll just wait for this box to be retired…
I can give you guys hints for initial steps, just PM me
This box is trully amazing, even though I cant find the way to grab a shell.
I found a user and its password (just by doing that I learn a cool new technique, for me)
I found the ritgh place to use that credentials
and I spend 3 days trying to understand the service (W****) to grab a shell. But I still thinking Windows has a huge lag on documentation.
Hope this box be retired soon, I want to see the walktrough
I got the first user/pass by using the S*F exploit, generated a cert… I’m trying to authenticate against AD or K*B without luck. Could anyone give me a little nudge it would be great! 
Type your comment> @lduros said:
I got the first user/pass by using the S*F exploit, generated a cert… I’m trying to authenticate against AD or K*B without luck. Could anyone give me a little nudge it would be great!
Nevermind, found the service to use. ■■■, after getting “in” I realized A****da is NOT the user for the user flag??? lol
I believe I got some users through S*B but that’s about it … still learning windows 
. I would totally appreciate some hints.
Edit: Got user Am**** and N**M … found where to use it… have a Cert but have no idea on how to use it lol
Bashing my head against a desk here - trying for a Remote P********, using AA creds, using K** authentication but it’s unable to find a logon server… am I going down the wrong path?
Type your comment> @SwartePiet said:
This box is trully amazing, even though I cant find the way to grab a shell.
I found a user and its password (just by doing that I learn a cool new technique, for me)
I found the ritgh place to use that credentials
and I spend 3 days trying to understand the service (W****) to grab a shell. But I still thinking Windows has a huge lag on documentation.Hope this box be retired soon, I want to see the walktrough
FINALLY GOT USER!!!
Now onto root!
Amazing machine! I learned a lot!
Confirmed:
There are 3 different ways to priv-esc! 
I was able to figure out how to penetrate and root just because have spent several weeks in the last year to learn necessary staff.
Cannot imagine where did you get special skills to root this box. Did you also attend similiar training?)
ya that is what i am saying this is so off the beaten path the fact half the people are even coming up with a need or a location to use a cert is a little odd to me I mean after a little help its clear but how the ■■■■ does someone beat this that fast like first blood
ok its resolved but ■■■■ that pissed me off you admins need to figure out why vip users need to reset a box two times and wait over an hour for creds to work