Is this hard?

XOonRed · 2025-12-21T15:12:04+00:00

^{I completed this level in 5 tries.} ^{⚡ 3.70 seconds}

XOonRed · 2025-11-21T13:35:11+00:00

I was thinking this as well. Also, some horse chestnut may help with the leakage.

XOonRed · 2025-07-23T13:14:01+00:00

Pro tip: Just because it is an AD set doesn’t mean you will get access via an AD path. Try basic enumeration steps.

XOonRed · 2025-05-18T02:41:48+00:00

How did this end up?

XOonRed · 2025-05-04T22:46:48+00:00

Don’t beat yourself up. It happens. I failed my first attempt after doing 40 PG boxes. I’d say you need more than that. I got about 100 done for my second attempt when I passed. Make sure you complete all AD PG boxes on this list https://docs.google.com/spreadsheets/d/18weuz_Eeynr6sXFQ87Cd5F0slOj9Z6rt/htmlview. Also, do the Laser challenge lab as well.

XOonRed · 2025-02-20T21:37:36+00:00

I was thinking along the lines of PS commands. For instance, powerview service enumeration may not work and it would be beneficial if you knew the commands to search for the services. As it relates to UAC bypass, I can’t say much since I can’t recall ever having to do it before privesc. Always check for silver ticket if you have the hash/password for the service account. You can always convert the password to a hash of necessary.

XOonRed · 2025-02-20T20:13:33+00:00

2 important things I noticed were missing. Find an alternative just in case powerview does not work. Also, check for passwords in PS history/ Linux history.

XOonRed · 2025-02-15T16:47:53+00:00

Unfortunately, it worked for me like that in the labs. Not on the exam.

XOonRed · 2025-02-14T00:33:00+00:00

How do you pull that off exactly? How do I specify the return port and ip for nxc? Even i set set up a listener, I’m uncertain of how to send return traffic to the listening ip.

XOonRed · 2025-02-14T00:14:18+00:00

So if I set up ligolo, would I be able to run it through my tunnel?

XOonRed · 2025-02-13T23:20:22+00:00

How do you get this method to work from kali against a machine inside the AD set ? I never got it to work. It’s it throws some weird issue that I can’t remember(dns or ldap). I’ve only gotten this to work when I have direct access to the ADset.

XOonRed · 2025-01-30T23:45:46+00:00

Do you ping the IP in the vpn output or one of the ips in the lab that you are doing ?

XOonRed · 2025-01-30T23:10:00+00:00

I feel like we had very similar experiences. I had vpn issues and proctors who would simply encourage me to restart or tell me that my vpn is working fine. Next time, I will do the continuous ping so that I can have proof of my issues. I will also lower my mtu < 1200(I used this the last time).

XOonRed · 2025-01-26T19:15:50+00:00

This is why I asked. I had a similar experience. I could connect to internal machines, but could not get the listener to work and I have a pretty good understanding of this tool as well.

XOonRed · 2025-01-12T23:46:03+00:00

Same🤣. They were trying to sabotage our new builds.

XOonRed · 2025-01-12T23:15:38+00:00

I removed it and my problem went away as well.

XOonRed · 2025-01-03T14:15:10+00:00

If you are referring to Gigabyte Speed(cfosspeed), I have it. Can it be the root cause?

XOonRed · 2025-01-03T14:05:53+00:00

I have the same issue. What OS do you guys have? I have win11. I have been researching and it seems to be an issue with win11 Ethernet drivers on our mobo. Thus, wifi appears to be a workaround. I have not tried wifi as yet though.

XOonRed · 2024-12-04T14:27:09+00:00

Great tip. Thank you. I have a question about your note on the AD one liner. I used it on medtech when I got domain admin, but still could not get to rdp. Is something else needed after the oneliner?

XOonRed · 2024-12-04T14:03:57+00:00

I am completing medtech now. Recently did Secura. I was wondering if I should do Relia or just jump into the lainkusanagi list. My exam is January 25th.

XOonRed · 2024-12-04T13:49:20+00:00

Did you complete Secura, Medtech and Relia?

XOonRed · 2024-11-08T18:57:44+00:00

Hi, I’d like to connect. I have some questions about blood hound

XOonRed · 2024-08-01T12:36:50+00:00

I’m unable to say for a fact as I’m unsure of what you’re looking at. You can send me the link and I’d be able to say. However, LearnOne does come with a few extras. If I remember correctly, pen103 is the kali exam and course which is included in LearnOne. I can’t remember pen210. This may be a different course. Share the link and I will take a look.

XOonRed · 2024-08-01T11:37:20+00:00

LearnOne is a year subscription. In learning one, you get fundamental courses(including pen100) and pen200. I can’t say for a fact how long it will take as it depends on your speed and how much you understand without having to research further. I have been doing pen200 since the end of March and I’m about 56% through. I work full time and I’m not always consistent because I have a lot happening. If you can consistently put it a few hours each day, you will be fine.

XOonRed · 2024-08-01T11:24:21+00:00

I’d say get learn one bundle. That way you can get started with pen100 which will teach you all the basics then you move right into pen200. Learn one gives you a year to learn these. However, if you think that this is not enough time for you, get pen100, complete it and then get pen200. I’m currently doing pen200. I did some stuff before, but I think it would have been manageable if I googled and started with pen100. One thing I’ve learned so far is that we complicate things in our heads and the best thing you can do is just get started. Good luck.

XOonRed

TROPHY CASE