#red-team-capstone-challenge

Please be mindful not to ask for/provide hints or answers during the competition for this challenge, which ends May 31st, 2023. 🙏 Good luck and have fun! 🥳
Note: To access this challenge requires a subscription AND a 7 day streak.

First! 🙂

Yay!

Good luck everyone!

GL!

https://tenor.com/view/yay-omg-clap-excited-gif-13535331

Yes!

Have fun! ⚔️

https://tenor.com/view/scream-toad-super-mario-shookt-panic-gif-8010651

May the odds be ever in your favor! Let the race commence!

Don’t have a 7 day streak 😦 4 more days until I can start!

You got this! Revising the Red Team pathway might be a good idea 🙂

Yeah that will keep me busy until then! 🙂

You need a 7 day streak to join this room + a subscription? ... why?

Most of the networks are streak requirements.

Hello, I'm gonna start attacking this network. I will likely need a lot of help, hopefully I will be able to offer someone some help in return. Good luck other peps.

Switching to B2B Exclusive ... sry. why i can not by like throwback ...

Gl everyone, have fun - this one is an absolute banger!

😁

here are people with real live and not everyone have every day time ... the concept based on streak are irrational and unworldly

please do not share help with others as this is intended as a competition due to the prizes, we can link to rooms and/or the vods of streamers who do this live 😄

Groups are allowed to work together.

It's just going to be a single prize.

yeah

If you post the questions that you have (spoiler safe), I'd be more than happy to direct you to resources that can help. This room was created to test the knowledge you would learn doing the red team learning pathway, so happy to point you to rooms that will help answer your questions as well 🙂

thats not true, as a subcriber i can join, without a streak ...

wreath had a streak.

thats the first one ... and thats really bad

I'm sure Breaching AD had too.

i'am sure, not 😉 and now ... i made them all 😉

in any case, the initial announcement said to keep our streaks

i'am not a free user 😉

subscriber

still had a streak.

However, I'm not discussing that in this channel, instead keeping it for the topic.

sry, thats not true

😉

And it's been > 10 days since.

All you need to maintain a streak is to complete 1 question per day. Not too much to ask, right?

I should've done the red room paths I end up doing the SOC 1 path.
I would love to know what rooms I should try before doing this network. Also how long do I have before this network get hidden behind the business paywall?

there's a timer in the first task

there's enough time to do the red teaming pathway

and attempt this network

but remember, this network is not for the weak 😉

thats not the point, the most think what is really bad here, the content will be moved to B2B ... all users here make THM big and the and the thank you for that is, exclusive content are not available for people like me (Subscriber)

Gave +1 Rep to @grave sable

Thanks.

Gave +1 Rep to @slender verge

Sometimes THM make stuff for other parts of their platform.

Exclusive content only for B2B is not my taste ...

I thought achieving a 7 day streak badge or higher would allow a subscriber join the room?

FFS I have to do all the red rooms before this

your streak must be currently 7(+), the badge doesn't matter

This network, like our AWS content, would have been a B2B exclusive from the start, since it is those clients that have asked for this type of content. Running a 14 host network is not something that is cost effective to do on the scale that we have for subscribers. Effectively, we would have to almost double our subscription cost. That's why this is B2B content.

However, we thought it good to at the very least give normal users, those that have helped us build to where we are today, an opportunity to experience this content. Our only ask, which was clearly communicated a month in advance, was to make sure you keep your streak up.

I'm doing them too, it's very motivating to get through them

Yes¬:D

I'm so bad 😢

i understand the factor costs, do it like Throwback ... you have a solution on you plattform ... i willing to pay, im not willing to get a B2B customer ...

😭

The Throwback model also doesn't work. It makes support for this type content incredibly hard, which in turn also results in very unhappy customers. Our B2B offering has an entirely different support model that we can leverage.

Communication is fine, reallife? You dindt earn more money when i click every day, you earn more, when i not visit THM and i subscribe 😉

ok, make a offer without support, why not ...

then people would complain there's no support...

as a choice ... i cant see the problem

If I don't get the chance to take part because I suck a red teaming, I'm gonna be mad. I'm gonna spend more time doing CTF's and get a lot better.

Who's got the first flag? 😄

THM isn't just tailored to you. Of course, we would like to make everyone happy, but sometimes decisions must be made. This was one of them; as Am03bam4n said, we made it accessible to b2c users for a few days despite this being a b2b offering; why only see things negatively?

I am not able to consume content on THM as a B2B customer. But I am willing to pay for it as a customer. You say it doesn't work now. Customer orientation looks different to me.

Me. 😄

THM isn't just tailored to you. <- Do we want to talk about it or should I be mobbed?

Please feel free to share your feedback in #feedback-and-ideas , let's move aways from this channel and let everyone enjoy the new event 🙂

ok

really loving how this challenge looks! Gonna be a tough one ^^

Hi

It is.

Please make sure to answer the questions, which means you read the actual scope of the assessment, and then your network diagram will show you IPs 🙂 This is normal, read, "sign" the red team contract by answering the questions and you are good to go

is this subscriber only?

Yes, + streak based.

Don't be sad, there is a compitiion on for a coupon, and you can work up those streaks.

I've added the join requirements to the pinned message. 🙂

The flag system is great too.

This room is my favourite, I'm glad we are able to get a chance to have a bash!

bruh how to regist ssh

im confused

3 more days for my 7 day streak! Maybe I can finish the offensive learning path while waiting. I'm 70% complete so far. I've already finished Red Teamer, Jr. Pentester, and so much more. Very excited for this new network!!! Let's go!!!

the task tells you.

I highly recommend you don't skim the content in the room but really read it. Else you will easily get lost in the room. The steps to register should be clear after reading the entire task 2

Sounds like an excellent plan! This challenge is a marathon, not a sprint 🙂

Indeed. Can we work in small groups?

Yes, but remember it's a single prize.

You can, prizes are individual, but nothing is stopping you from forming a group to tackle the challenge as a learning experience

Hey friends -- I was approved by THM to live stream this challenge. Feel free to join me tonight for the kick off stream 🙂 -- I'll be working through it all live with no prior knowledge, so we shall stumble through it together!

A few details I want you to be aware of:

1. My kick-off stream will be tonight at 8pm CST on the Hack Smarter Twitch Channel (https://hacksmarter.live/)
2. All streams will be posted afterwards on my YouTube Channel (https://www.youtube.com/c/TylerRamsbey)
3. I will be treating this like a real engagement, spending much of our time performing enumeration and taking good notes.
4. I am not going to attempt anything with the network until I am live on stream - so it will be my first reaction to everything (we can stumble through together).

https://hacksmarter.live

Oh, this should be good, What time are you kicking off?

NVM

Lool.

I need to convert it to UK.

2am for UK!

Ouch, maybe I won't check it out then.

Good luck and have fun!

So, who's working on it now? 😄

Sucks to suck that's all I can say xD

really a 7 day streak ugggg guess I won't be doing this network 👎

Sorry to hear, it's a good network.

There should be the first stream in about 1.5 hours, that should still work within UK time 🙂

24 days, if you start now you'll still have 17 days to do it!

Slow and steady will win the race, make sure to enumerate the entire perimeter and not rabbit hole on a single host! 🙂

I guess I could uncomplete 1 or 2 of the 600+ rooms that I have already completed but still thats 7 wasted days

also a good tip to avoid stubbing your toes on door frames... slow and stead instead of running fast through them helps with avoiding that

Isn't this kinda unfair**, only people from business can get access to this content, so even if we want to pay we can't have access to it

Nope?

unfair**

Sorry, typo

At the time being subs with a 7+ day streak can access it...

Yeah, but only until june 5th

until june the 5th

yes

It is designed to be for the business side, so we're lucky to even get 24 days!

well tryhackme has to make money and be profitable somehow... some things just take to many resources to run forever

task one of this network clearly explains why

Yeah I know, it's just sad that you can't even ask for access for an higher price

does not feel like copying all of task 1:s text out here

lets start a small business together and get the business plan

how is it wasted if you choose some rooms that has knowledge in areas that you might have forgotten, and then you relearn

Anyone would help me just to get started with this challange in pm?😕

I suggest having a look at the rooms in red teamer path 😄

ditto to what bella said

Deal

would mean being able to do the aws path too

because I just did THM for fun but the last 2yrs it gone downhill so much that it's no longer fun

Always positive posts by you. 😆

Not the engagement, the "registration"

Download the vpn.

like I just said THM use to be fun

Yeah me too, I was so excited to do the AWS path when I got notified by email that it was getting released, only to find out that it was business only T-T

That's certainly one way to look at it. Perspective is key here.

Then take a break, find something else to focus on and relax until you find the feelings of wanting to do THM again

The reason why you might feel it's no fun anymore is because you're getting in this "forced" behavior

Yeah got that, i have the X.X.X.250 , but cant reach portal

Have you fully read the information of Task 1 and Task 2?

forced?

The thoughts that you have to complete a task, that you have to do the newest room, and have to keep on learning

Yes

sorry that doesn't make any sense

Do you have a subnet on your network diagram?

I have, i see the vpn and webmail

Ok, then replace the xxx with your details.

So if you're in 10.10.10.10

You simply just replace the xxx.xxx.xxx.250 with 10.10.10.250

Can premium members bypass the streak, and can individual users purchase access after the 5th of June?

No and No.

Only business customers will have access to the network after that time is up.

Damn, thats really unfortunate

Yes i have that

Then just do as the text states.

Missed the streak due to moving house :p

7 day streak for premium users too??

Yes.

yuup

not a problem for most people probably

I guess it's so you're all beta testing it for business users which is a positive sign for it working well at launch. Has anyone started it yet? Is it as broken/buggy as Holo & Throwback?

bella and scrubz and jayy have tested it during last week in room testing

shadow was left out because they focused on school work

so seems like it is working as intended

Yes, Shadow is correct.

I've had a 2 week head start(alongside Bella and jayy), (so right now I'm not doing it as I know how to get some of the flags)

However anything that didn't work was fixed.

It has also been tested internally prior to that 🙂

Yup

That isn't to discount the fact that there's potentially going to be some strange things happening of course 😄 Networks always have their own surprises when you have multiple people trying different things at the same time

Just blame it on DNS

7 day streak makes sense just sucks having to wait after getting the email and looking forward to it since I haven't been so active the past month. I have a 365 day streak and took a mini break after that.

It is 6 months in the making. 2 of those months was testing.... We really really tried to make sure that this thing stays stable and working.

What we do have to count in our benefit, is the fact that there are multiple attack paths. So if one path fails for you, try another

Sorry about it, can still at least build it up again starting today and then tackle it 🙂

Sounds really good then!! I don't have time to get the streak as I have a holiday between now and then and some other stuff, but I've been considering the THM Business plan for my team, so I'll keep an eye out for reviews on this

I think I threw everything but the kitchen sink at times during testing 😄

Four different live streams, first one kicking off in a bit. Should help you make that decision! 🙂

Appreciate it, I plan to build it back up. CySA and 3 Microsoft Certs have me a little busy lol.

if you can dodge a wrench you can dodge a ball

I am probably blind or something, but I have no IP such as x.x.x.250...

Did you read task 2?

#red-team-capstone-challenge message

Specifically that part.

I had read it... and it didn't click until now 😅

I have to force the "fastest guns in the west" to make sure testers actually read their "contracted scope of work" before they start testing. This is incredibly important in real life. If you go out of scope: "Straight to jail"

If not jail, a heft fine.

Tib3rius is now live-streaming our new Red Team Capstone Challenge Network 🔥

Watch live: https://www.twitch.tv/0xTib3rius

Is he really though 👀

That's a VOD from last month

He said "soonish", think he is just getting final setup ready 🙂 Give him a minute or two or three 😂

will the streams be recorded and published on YT later. Asking just in case we miss out on completing the room.

Doesn't twitch have VoD?

if the streamer decides to yes... otherwise no

Looks like they've opted for it, judging by their video tab.

Unless you can change it by video/video basis.

think he also uploads it to youtube anyways

you can but doubt he will

I know of at least two streamers who will do this

Hi, I read an announcement saying that there is gonna be a "limited time" event.
This network will stay though right?

No.

Task 1 has the timer.

which is current;y 24 days 18 hours, 10 min(s)

So after that it wont be free or it wont be available at all?

Only to business customers.

it will only be available to business customers after the timer expires

the videos and writeups will still exist though

Okay, thanks.

i.e you got until june the 5th to do it

Stream has started 🙂

neat time to chill with this stream instead of the usual game stream

Anyone got a flag yet?

Can it be played with premium If I don't have streak?

No,.you need a streak.

unles you are tiberius and get a streak handed to you

lol typo squatting

Is the competition till 31 May or 5th June?

Also does it count to our monthly/overall score?

31st of May.

I think so, as it has blood points I'm sure.

So the writeup competition is between 31st May and 5th June?

Unsure.

Starting now, submissions end 31st, we announce winners June 5th

How fast you submit does not matter, as long as you submit before May 31st

Quality report writing will get you the win

Oh so the submission is for some portal you offer, not in pubilc

We're using the normal writeup feature, best 3 reports will get published on official blog.

Hmmmm
I don't understand
If there is a competition going on
Shouldn't any type of write ups be restricted?

Like in ctfs

No flags attained yet. 🙏 Keep hacking peoples. 😄

Uploading your write up to a room doesn't automatically publish it, they will only be published after the competition

Makes sense now, thank you

Gave +1 Rep to @grave sable

Oh can you also confirm on this?

You get points for the room flags, the competition itself does not give you points - we do have cool prizes though, like subscription vouchers and special custom swag!

can you please let me know which are those? one is tyler ramsbey probably. who is the other one.

select * from submissions;
Empty set (0.00 sec)

Nothing yet! 🙂

InfoSec Pat I believe. I believe he may be streaming directly on Youtube perhaps?

I'm watching 0xTib3rius just now.

same

it is decently fun

Bruh this is a scam, I just do this for point 😮
that's a half joke >.> I do love points... :3

You do it for the experience.

And points 😄

what about badges????

Sheeeeeeiiiiiit you're right. I gotta get the badge!

Imagine if I got a discord badge too if I get it.

❤️

If I cancel an nmap scan half way through do I get the results still? I forgot.

No?

Dang. Scrubz I told you have done 0 red team things since I started THM :3

Maybe, now is a good time to start before you try this 😄

It's going to take me longer than 24 day

It is sitting there quite pretty...

think this is one of the few badges that will get unobtainable eventually

agreed

well you could make it available with your smaller spin off networks if those ever come to fruitions

Hope so yes! Maybe Assistant to the Red Teamer of the Month 🙂

just because you complete the room doesn't mean you will get the badge i have 2 modules completed but didn't receive the badges for completing the module

Badges are linked to rooms. If you complete this network, you are awarded the badge. Not sure how the badges work for those modules that you are referring to

well I have 32/40 bages and at least 2 of the badges I have completed all the requirments but did not receive the badge for it bummer

some of the old modules and series does not reward badges correctly anymore as their rooms got updated so it awards the badge based on the old room but you only did the new room and have no way to do the old one

figures

or well that was the case around 6 months ago

dunno if it changed

I'd be interested to hear details, dm please?

who?

I meant you, sorry - can you dm me with details which badges did not work?

Hey I just wanted to say to the creator of the network, I'm really enjoying all the work you put into this! I'm still struggling to get initial access, but I'm learning a lot in the process. (:

Thank you for the kind words 🙂 Best of luck with your Recon! Patience is key!

Gave +1 Rep to @pure parrot

Will do 🫡

or do the shadow and wait until the competition is mostly over and use other peoples writeups to get all the info you need....... probably not the best course of action but ey shadow is at least learning something from it

I'd like to get as far as I can without it haha.

But totally fair (:

You'll definitely learn something new.

I mean, that's the whole point of this platform right?

at minimum shadow will learn what more true to life reports of red teaming or pentesting would look like

but shadow is more leaning on this being a huge list of new information for them

Do you always refer to yourself in third person?

yes

Fair enough, I respect that

Alh4zr3d is now live-streaming our new Red Team Capstone Challenge Network 🔥

Watch live: https://www.twitch.tv/alh4zr3d

That’s that winning attitude, respect

Thanks friend (:

Gave +1 Rep to @clear badger

This has probably already been covered; but if some hero could save me from endless scrolling.
This requires 7 day streak... BUT also says 'subscribers only'. All good.. Im a paid subscriber, but dont have a 7 day streak (life and such).
So even as a paid sub, i ALSO need to have a 7 day streak? - not like other rooms where its one or the other.

..never mind i think i managed to find the answer above; you need BOTH a sub AND a streak yeah?

yuup you need both

Better get moving then see you all in a week

good luck and have fun

a very good idea would be to do the #red-teaming-path to build your streak and learn what you need for this network if you have not done so yet

Thanks @cerulean wraith appreciate the tip. Probably all good with the skillset, but plenty of rooms on THM to keep have me sorted 🙂

Gave +1 Rep to @cerulean wraith

I have accentuated AND in my pinned message to show it requires both. Hopefully that helps.

seen ; thanks @lyric stream

Gave +1 Rep to @lyric stream

Tyler Ramsbey is now live-streaming our new Red Team Capstone Challenge Network 🔥

Watch live: https://hacksmarter.live

You can also watch on replay here: https://www.youtube.com/c/TylerRamsbey

Hey friends -- I am LIVE on Twitch to start the challenge. Grab a black hoodie, boot up Kali Linux, and let's take down the bank!!!!!!!!

Still no breaches yet!

no one has the first flag?

Nope, not yet... This is not meant to be easy 🙂

oh for sure, and it's waaay beyond me, just somewhat surprised

If you are not ready for the challenge, I encourage you to watch the streams for some additional experience into it! 🙂

probably not ready, I'm not all done with the red teaming path, but I'm trying anyway, it's a lot of fun

I was bummed out anticipating the release and when it finally comes out aww sorry you not allowed to access the network

Are you going to get the 7 day streak, which has been used on previous network releases?

no I don't have the time nor the desire i would have to uncomplete a couple rooms and re do them it's just not worth it in my opinion

https://tenor.com/view/do-it-get-to-work-gif-21630516

If you change your mind, the network is very well made and would recommend to try it. 👍

it's more than worth it in my opinion

I believe in you!

It could be you!!

if it can be done by stubbornness alone 😁

But in all seriousness, prizes aside, if you can put in a bit of time everyday, you will get far and you’ll have a lot of fun

Yeah, my goal is to learn as much as possible along the way, more motivating than any prize.

The full recording of the stream for those who missed it live:
https://youtu.be/xrh3g5VjY6Y

I watched this live, really cool how methodical and organized you were

Thank you friend! I'm still very much new, but focused on learning the best I can!

Gave +1 Rep to @digital plaza

This is what will win you flags in this thing 🙂

I have a problem verifying my first flag

even though I did what it asks :|

Can i get some help tyvm

Sure, you can pop me a DM

I can see your active submission ID, so now you just need to follow the instructions, but DM me and I'll help

We have our first breach flag submission! 🎉 🎉 🎉

Woooo!

Woop Woop!!

Was it Hmmmm?

yes

Niiiice, good job

Good going!

I'm curious how you done it, we can catch up after the event ends 😄

sure thing

me too

then it's good that there's a writeup competition too, meaning we can read peoples writeups!

so remember to keep notes people, you might need them later 😉

How do you like the flag system?

I can't reach any of the systems at the moment, is there a known problem at the moment ?

Shouldn't be, what are you seeing on the network diagram?

I see the servers in the DMZ but I can't see the web page on 13 or 11. I was able to access both of them earlier and now I can't access any of the services

Enumeration!

Can you refresh the room page and see it the network is still up?

^ That was a pain for me, I had to set a timer in the end.

It still shows as up, and 36 mins left

If MartaS doesn't kind, can you send me a pic of the webpage you're trying to view? (dm)

This is something I could possibly help with.

I'll try again later

Hello everyone!
I have question about red team capstone challange.
I don't have learn read team path, to learn that it will take 1 month for me. I afraid it said limitied time. But how many tme can I access to that challenge?

competition we are running until the 31st of May 2023!

What about after 31 may. Is there any chance to people who have not learned red teaming yet

The network will be available until the June 5, after the competition people are allowed to provide hints and answers. There are also a bunch of people that were asked by tryhackme to stream this challenge, watching these streams might help u learn a lot. So yeah I still think you have a good chance to complete this network before it all ends!

been months since i worked on anything related to red teaming

You're doing great though!

I'm just looking on my notes and going "Yes, i forgot all that"

After the 31st it will go to business.

^ After June 5th

Oops!

Thanks.

So we should subscribe to business plan?

After it moves?

Yeah, but unsure how much etc.

I'm having trouble registering for the Capstone challenge on the e-Citizen system - it is asking for my THM username which is dave.taylor however when I enter this it is saying it's not allowed as my username shouldn't contain any symbols. What should I do?

ie the . in my THM username seems to be an issue...

You don't need your exact username.

Ah ok - so I'll just register with similar without the dot then 🙂

Yeah. 🙂

Thanks! 👍 Wasn't sure if this would be significant so thought I'd ask 🙂

How many flags now!?

its a good change from the usual way of submitting flags

laggy af tho

When i done it wasn't.

I hope it stays

That delay is intentional... Specifically forcing y'all to read and not just skip through instructions 🙂 Although I know it can become annoying

im very bummed out you need 7 day streak. I wanna get started 😅

You got it, have you started building a streak?

Been a while since I was on THM, but this new room got me back

So just starting it today

6 days to go!

Do the red team path whilst you wait. 💪

Sorry for the boundary! But 7 days skillup on red teaming will make you fly through the challenge! 🙂

why do we keep over thinking stuff

yikes i gotta do this before it goes away

but need to get a streak

Yup!

the machine reset and i can't connect to anything anymore

any fixes? @_@

Which subnet?

10.200.89.0/24

Let me check.

Can you DM me a screenshot of the Network Diagram, which shows the Network state and the three buttons below the diagram in the room?

sure

We're cautious with this as we don't want to spoil the challenge. We're looking into it. 🙏

Ok I can delete or "Spoiler"- should I come back to this later when it's fixed? Please advise.

Stand by I would say at this point. 🙏

Thanks I will delete my post too -thank you@

Im just curious why would you set up a 7 day hacking streak a must to access that challenge, why being sub is not enough?

Probably because of the high costs of making it available to non-business users, plus they warned us in the very first announcement to keep our streaks

Are 7 days of streak add any income to them? Its the subscription

Its hard to keep that streak going once you landed 1%+

It's not though

It's really easy.

You can just reset a room

Im not ok just login to site and clicking the single answer or reset the room for the sake of keeping that streak

There are plenty of rooms you can do, anyway, this is not the channel for that discussion.

It's up to you if you want to build the streak and join the room.

I can agree on that, but after 200+ rooms and all completed paths a lot of people just occasionally come by for new releases. And im one of those. I will build that streak anyway for the sake of the lab , i just dont feel that it was such a necessity if you have a subscription.

Essentially it is a network for the Business plan made available for a limited time with a streak requirement for subscribers. The streak requirement is not something new though, we have used it for networks before at initial release.

Any update on this as I just randomly started having issues with this as well?

Not yet, still looking into it. 🙏

All right, thanks for the fast response! I hope it will get resolved 🙏

Are you on the same 10.200.89.0/24?

Nope, 52

Network is restarting rn

Alright, please let me know if it returns to the running state in the Network Diagram.

It is running

Please let me know if you run into an issue accessing it.

I'm sorry for all the troubles, but i'm still experiencing issues 😦

is anyone having issues loading the challenge page?

ok, its something on my side

I'll DM you.

If you find that a certain path is not working for you, rest assured that this network has been carefully designed so that if one path has been cut off, there are multiple paths that are also available. That doesn't mean we are not looking into why a particular path isn't working, but having more than one way to achieve something will benefit you greatly in this network.
We appreciate your patience 🙂

I feel like I am already doing something and missing the initial flags

flag 20 is the goal

@trim beacon is it possible to do a sane check?

or is one of the goals

the other goal is a good written report on how you exploits it

well, I am taking notes so

:p

So I am having trouble accessing the network resources.

Network state is running

but cant reach the machines

Can someone help?

trying to recreate the mailbox I get "No route to host"

@viral yew feel free to DM me

InfoSec Pat is now live-streaming our new Red Team Capstone Challenge Network 🔥

Watch live: https://www.youtube.com/live/Awd6LFmqzqw?feature=share

Pop me a DM if it hasn't been sorted yet

hey @trim beacon , it was 🙂

but can I DM you for a sane check?

not asking for hints

Jip, happy to listen 🙂

where is the capstone located at? lol I have a 40 day streak but don't see the red teaming capstone

On the Dashboard page.

Do i need to complete the Red Team learning path to get access?

dont see it on the dashboard

Have to be a subscriber.

found the challenge through a blog.

so we only get 6 days worth?

No, u have access til june 5

yea I thought it meant that

sorry

sleep deprived lol. Newborn + overworked

3 flags so far, I am having a blast!

Congrats! Well on the newborn, not the overworked part 🙂

Cool, glad to hear you are enjoying it. You even got a first blood question. 🥳

Thanks 🙏

Gave +1 Rep to @clear badger

Hey all super happy to see that some of you have gotten some flags!

Just two things from my side, when you compromise a host, go and authenticate to e-citizen to submit proof of compromise. That will get you your respective flag.

Secondly. Use good old command prompt to create your flag (or even notepad). Powershell echo is different (| instead of >) which can add a null byte, which will make e-citizen not verify the proof

Was this issue resolved? If not, just DM me your VPN internet IP and a bit later today I'll take a look.

When the network resets it goes back to its base state. From there, config scripts execute to have it saturate the values of the network's specific subnet. Some of this saturation, like changes routes, DNS, or connections, takes a bit longer (5-15 minutes) and if users already start using them during this saturation period, it can make them unstable or not saturate config at all. But nothing a quick manual force can't fix

yeah, I got some issues when the network resets sometimes

the major issue is that the routes are not applied correctly

for example, the network was resetted now, and I cant reach the machines

Giving it 15 minutes just to run all config should do the trick.

But the nice thing is, there are other paths to breach or perform actions as well. Can always explore those as well.

I would also recommend fewer resets, reset only when you are sure there is an issue. Reseting won't make the challenge easier sadly 😅

I didnt reset it

the time was over

Pop me the VPN internet IP and I'll push config

That will just required a restart. But make sure to read the note in bold. If you don't refresh the page before clicking start after the network stopped. It will be locked for the time on the timer

I always do a refresh

As discussed on DMs, also just give it 2 minutes. If AWS is still stopping the network while you give the Start signal, it can cause a clash

If your network stops, it is nature's way of telling you to take a leg stretch break 🙂 Red teams are marathons, not sprints

Can't seem to access the machines due to routing issues. Can anyone help?

@trim beacon I'm having issues with my corp connection, being reset in a loop. The Capstone connection is stable, any ideas?
Thanks,

Gave +1 Rep to @trim beacon

The fastest solution is to leave and join room, but you get another subnet

This normal? Will I have to repeat this process from time to time?

it is not normal. Apparently, when the network stops, we should give it a couple of minutes before refreshing the page and starting it again, and then a couple of more minutes for the network to stabilize

failing to do so might lock the network in a state where the machines are offline

im runing out of ideas, might as well go to bed

😩

Hey friends!

I am LIVE again on Twitch working through the Red Team Capstone Challenge by TryHackMe. I am by no means an expert, but am focused on going slow and learning through the process. If you'd like to hack alongside me, come join & let's learn together.

TIME TO HACK THE BANK!

https://hacksmarter.live

So a quick tip to determine if it is a stabilisation issue, if the routes being pushed start with 172 instead of 10, it is a stabilisation issue. Otherwise, it is intentional instability

Full recording of the second stream. We also explain the intentional instability @trim beacon is referring to above in the video. If you watch it right when I post it, quality might be bad because YouTube is still processing the HD version 🙂
https://youtu.be/TUyYUSr0O_Y

Thanks for all the info, I will give it another attempt after work!

Gave +1 Rep to @trim beacon

the subnet 10.200.89.0/24 works fine please dont reset

😢

@smoky breach What IP? .11, .12 or .13 ?

13

DM me a screenshot

yes

We went through two months of QA testing without a single reset. This network is really stable. The biggest issue we had was once a DNS issue krept in after the DC ran for a straight 10 hours. But even then just letting the network sleep and then start again solved the issue. We are seeing a high number of resets. I do mean this in the nicest way possible, resets are not going to make this challenge easier

Yeah, that was our issue also.

Network was fine unless it was reset.

I am not a subscriber but I am considering to subscribe just for trying this. Please let me know how this network has been so far. If you guys were able to learn something new or cool. Would love to hear some feedbacks on it. Thanks!

Hello, I just got back back from 1 week vacation and wanted to do this nice red team capstone challenge. Now it is blocked by a 7 day streak what is really frustrating. I'm a paying customer for years and in global top 100 what shows my commitment so I would really appriciate the possibility to start with this room. Is there anybody here from THM that can activate this?

You could try asking support via E-mail?

Its worth it!

Streaks will be reset if still within the 7 day window

Just email support

Thought I'd share the leaderboard thus far. For anonymity, only publishing the first letter of your username. You know who you are 😉

• First Place: M - 8 flags 🎉
• Second Place: Joint S and a - 4 flags
• Third Place: J - 3 flags

Even if you start late, still have a chance in the competition!

Ohhh 😮 let’s go!!

i think i'll just participate to play it since it seems really interesting but not compete

You never know! Remember we have two competitions. One for the fastest hackers and one for the best red team writeup. So even if you go slower you can still win a prize!

question, once your like 6 days of access runs out do you need a new streak to rejoin

No! You only need to meet the streak requirement once

I must say I'm enjoying the challenge. The problems with the networks where come hosts go down then others go down is brilliant. Thanks @trim beacon

Gave +1 Rep to @trim beacon

I have 5 so far

that is the same leaderboard?

Ah did a refresh and saw an additional flag! Will give updates once a day-ish

ok ok 🙂

Glad you are liking it. Good luck with the challenge!

gonna work for a couple of more later this night ^^

Good luck! This next part should be fun! 🙂

Tnks

I am having a blast so far

I think I made the mistake of starting the network back up too fast after it stopped and now none of the hosts is responding :/
Will this fix itself after the timer ran out again?

I assume u did this, so now it is probably just a waiting game

Time to get some fresh air sadly! But yes, will fix itself once the timer runs out

Alright, I already guessed so. But as long as it will be fixing it self, it is all good. Then I will just take a break now

question, just got back at it and I noticed that my Corp VPN is giving me the 172.x.x.x IPs for the routes. So, what should I do, as I did not start the network, it was already running for less than 30 mins. I know @trim beacon, said this is the stabilization issue.

Day #3! If anyone wants to learn together, come join the stream 🙂
https://www.twitch.tv/hack_smarter

Sorted in DMs. For others, since it seems that this is the path most taken, I'm balancing the "breach meta" and saying that users need to figure this out. If the VPN is pushing down the wrong routes, what is stopping you from pushing down different routes yourself? Since this is the most taken path of breach, going to now request users to fix this themselves to push more users to the other attack paths

Full recording from today's stream. I was able to compromise the first 3 flags so please do not watch if you don't want a spoiler/massive hint 🙂
https://youtu.be/svdhIyifHC8

I found new ovpn

sudo openvpn new.ovpn (i run code)

"Initialization Sequence Completed" Done.

But why again again ~~ "Restart pause, 1 second(s)"
is bug?

plz help me

Spoilers

sorry, I changed the question.

Very disappointed to find out that I still need a 7-day streak to join this room even though I pay for a premium membership.

Sorry you feel that way.

However it was stated in the announcement last month that a streak would be implemented.

internal VPN is pushing public ip routes after network restart?

#red-team-capstone-challenge message

But also this #red-team-capstone-challenge message

Yeah got it! Tnx

yes

2023-05-14 10:49:01 Initialization Sequence Completed
2023-05-14 10:49:10 Connection reset, restarting [0]
2023-05-14 10:49:10 SIGUSR1[soft,connection-reset] received, process restarting
2023-05-14 10:49:10 Restart pause, 1 second(s)

how can i fix it? Do you know anyone??

• two ip is 172.x.x.x not 10.x.x.x

(VPN) 10.200.x.12 -> corpUsername.ovpn

run command -> sudo openvpn corpUsername.ovpn

just again again again

Did you change the x?

yes, change it
1.)sudo gedit corpUsername.ovpn

2.) and change that -> remote 10.200.x.x 1194 -> remote 10.200.116.12 1194
3.) save and, run command -> sudo openvpn corpUsername.ovpn

4.)
2023-05-14 10:49:01 Initialization Sequence Completed
2023-05-14 10:49:10 Connection reset, restarting [0]
2023-05-14 10:49:10 SIGUSR1[soft,connection-reset] received, process restarting
2023-05-14 10:49:10 Restart pause, 1 second(s)

5.) two ip is 172.x.x.x not 10.x.x.x

4.) <----- just again again again show me

I haven't done anything for two days because of this.
I want to solve this problem, please.

You need to add the routes manually

That is what I do

Delete the routes of 172.x.x.x

Add the routes of 10.200.x.21/22 manually

And you are good to go

The connection reset is not an issue

How can I do that? If I knew that, I wouldn't have asked

And, I copied Tyler's YouTube video exactly the same. By the way, he works fine without any problems and why should I change something?

so how can do that

You need to research

just that command, Shouldn't it work normally?

ok i do it

172.x.x.x Even if I delete it, it's still the same.

4.) again show me
and 172.x.x.x

We are just the beta testers for the business customers 😕

ahhhh

yeah 100% understand

Am I the only one with that phenomenon?

Are there no errors for others?

I have a similar problem, I replaced 10.200.x.x 1194 by 10.200.121.12 1194 according to the network I have. As a result, sudo openvpn corpUsername.ovpn gives me "Options error: route parameter network/IP '10.2001.21' must be a valid address". I checked several times if I didn't make a typo, it's correct.

I think only the lucky one in the "red team capstone challenge" room can play the game without any errors at all

It's not lucky, you just need to figure out how to fix the VPN file

Remember that this is a challenge room

No challenge is ever going to work as you intend and no tool is ever going to work right out of the box. That’s one of the elements of a challenge as beautifully explained in Task 1. This is where your troubleshooting skills will come in handy. You can do it!!

i see youtube Tyler was connects right away without any settings

why can't i...

sooooo sad

I've been stuck on this for three days

Not at all, this was rigorously tested before release by our room testers.
We wanted to give you all a chance to try it out

do not blame or praise shadow for testing this though as shadow was focusing on their national tests in swedish 3 during the testing phase so have not done any of this

There are other attack paths without that specific one. Look at some other ways (this is what I'll be attempting on stream tonight, looking at some other ways for initial access)

Really!? Thank you very much!😀🫠

Gave +1 Rep to @quaint knot

There has to be a way to make it available after the 30 days to non-business customers. Can’t you do something like you did with throwback? Maybe a little money for access to the network?

With the price structure, I doubt it.

This network is 10x bigger than Throwback, it would be incredibly expensive to run publicly, we have ran the numbers and it wouldn't be sustainable. Furthermore, business users have a different support pipeline that is able to handle supporting this network.

We do love our community, and we will never forget where we came from, we are looking into what we can do for our non-business members. And there are plenty more updates down the road that everyone can benefit from 😉 😁

Leaderboard for Day 3:

+----------+-----------------------+
| username | Flag Submission Count |
+----------+-----------------------+
| M        |                     8 |
| a        |                     7 |
| S        |                     6 |
| J        |                     5 |
| j        |                     4 |
| m        |                     3 |
| u        |                     3 |
| T        |                     3 |
| s        |                     3 |
| S        |                     3 |
| p        |                     3 |
| m        |                     3 |
| K        |                     3 |
| H        |                     3 |
| d        |                     3 |
| d        |                     3 |
| d        |                     3 |
| B        |                     3 |
| a        |                     3 |
| K        |                     2 |
| N        |                     1 |
| n        |                     1 |
| h        |                     1 |
| S        |                     1 |
+----------+-----------------------+

I've been doing the network, but I haven't entered any flags.

I'll enter em in at the end.

Out of interest, how far are you? What's the magic number?

Cause you can submit up to flag 8 without ruining first bloods for the competition participants

Still 3.

I thought I had priv esc'd,

But someone kept kicking me something by logging in, so I stopped, haven't picked it back up since.

Good luck then with the privesc!

Might just be other users kicking you out, so might have to take an approach different than just RDP, which is single user use

It was.

that was problem that i have at first place. at first i was thinking is due to mi connection or some settings.
the result was something i didn't think of at first
almost the same issue of "fix" the ovpn file =/
nice thinking yea

On a normal red team engagement, you would almost never just yolo authenticate to RDP with a user's credentials. Since you might lock them out which would be very suspicious. So it is something best left until the dead of night 😉

I like to use CrackMapExec just to confirm I have a login.

At first i didn't think of that idea. After first disconnect my random thought was: there is no way that some sitting in front of pc with that $IP and re-login into so he can disconnect me.
But yea. don't yolo into RDP at any time of the day/week on real engagement

that is why I only work at 4 am 😂

quick Q. is it allowed to delete services that windows running ?

@quaint knot I know you are taking a very methodical red team approach through the capstone, is there any chance you might also write a mock report at the end? I think that would be extremely cool and insightful

is the network down for anyone else?

If I have time I will! I'm a web app pentester for my job, so I don't do red Teaming or internal pentests (yet), but might be a good experience to write a mock report!

having an issue. Anyone else get this error when verifying your newly created email account?

Day 4... 4th stream. Let's go!
https://hacksmarter.live

That means your network is offline

Hmm. Any recommendations on how to remedy this issue?

Refresh your room page, if it says the network is running, it is not and you need to wait for the timer to finish before you can restart the network. If the network is in the stopped state, just start it

Day 4 recording... I don't want to share too much, so as not to spoil the network. But I demonstrate some reverse shells... privilege escalation... and port forwarding. Enjoy 🙂
https://youtu.be/qr8eGM1zhV8

https://tenor.com/view/mike-myers-austin-powers-austin-one-million-dollars-1million-gif-19177211

The bank has fallen!

Congrats to @south mirage who is our SWIFTest hacker after four days on intensive hacking! Fully compromising TheReserve and transferring 1 million dollars!

Who will take the coveted second and third place?

Also, don't forget that speed isn't everything! Even if you don't make the first three places, we have another competition for the three best writeups of the challenge and some runner ups! Let it rain shells and dollars! Best of luck to everyone

Thank you very much for creating this awesome network!
I really enjoyed it and will definitely go back and try out some of the alternative routes too :)

Gave +1 Rep to @trim beacon

Woahh 4 days! That's impressive!

helo

can someone help me`? i can't join the room, it says i need 7 day streak, which i had (i am able to access all other rooms that require 7 days streak), is this a known issue?

What is your current streak?

0?

so its current streak.. why??

When was the last time you had a streak?

i don't know, let me check

AFAIK.

You need a streak of 7 or more at time of release.

Any streaks before the room release won't be counted.

oh...

so i've got 20 days to get a 7 days streak and jojnthe room,

Yup 🙂

Someone already has all 20 flags, but AFAIK, 2nd and 3rd are still possible.

i don't care about prizes

😄

Then you'll have plenty of time.

i just can't get my head ove rthe fact that they're switching to business only content...

It's due to how this network is designed, it's not cost effect to run it on the normal sub plan.

well, what about having it available for purchase just like other rooms?

Because the cost would be too great, I think.

Also, the business account has support that is more structured to this type of network,

This network is 10x bigger than Throwback, it would be incredibly expensive to run publicly, we have ran the numbers and it wouldn't be sustainable. Furthermore, business users have a different support pipeline that is able to handle supporting this network.

We do love our community, and we will never forget where we came from, we are looking into what we can do for our non-business members. And there are plenty more updates down the road that everyone can benefit from

From Jabba.

Is there tech support I can DM in here in regards to email authentication for the capstone?

You having issues?

yes. Having issues authenticating to my inbox

Has the network been reset lately?

I'm not sure Amo3 is here just now.

I think it has been, yes

What error do you get when you and authenticate?

so hard to get access on a DC and someone just reset the network 😩

Subnet 10.200.89.x please stop reseting the network

Its the 3rd time now

If the network has been reset, you need to log in to e-citizen and then use option 3 to recreate the mailbox

So ssh to e-citizen -> authenticate -> recreate mailbox

Wait is this for all THM?

no

I was about to yell 😂

I may not have scrolled up far enough.

but the fact that they're building content business only marks a change in how they'll operate

Not at all.

There's still over 200 waiting for be QA verified so they can be released.

That's not including in house content.

Nah lol I get what you mean but it'd be a dumb business move with a lot of people willing to learn or at least give it a try.

I started with no experience about 9 ish months ago properly. THM has helped a ton in that time. Didn't even know how to work a Linux terminal lol.

why are people resetting the network

Deleted your third image, as it is not quite appropriate @austere oriole Do you think the reset count (number of votes needed) should be increased?

I think it should

people will face minor inconvenience and reset the whole network for it :|

sorry about the image

idd

3 more days then i have 7 days of streak!

Ready to show impact

any mod for an explanation?

About the challenge in general or a particular issue you are encountering?

Can I DM?

Yeah go ahead. 🙂

Can I post my network here?

Completed

congrats!!

AWESOME JOB!!!!

I still feel that dopamine rush

I should go to sleep since I'm gonna work tomorrow morning, but I can't 😂

btw my current network is up and running for 10 hours straight

which is awesome, since I got like 2 resets in the morning

It was built and tested to last 💪🏼

Congrats! 🍾🎈🎉🎊

ahhh 3 more days i am really looking forward to this but i'm worried i'll get stuck

having probs with setting up of email account (using evolution in linux terminal) - have entered all the creds as supplied in initial briefing but keeps giving error message ... frustration as have made progress into internal network but when i goto validate the e-citizen portal says will send email with flag detail - am unable to receive them

could an admin pls check my creds at thier side ...

and BIG THANK YOU to am03bam4n for such an EPIC adventure !!!!

this is my fav thing i've ever done with THM !!!

that was, by far, my favorite room/lab on tryhackme.

Verifying the flag fails for me and I get the following: "Issue with reading the file provided: 'utf-8' codec can't decode byte 0xff in position 0: invalid start byte" Any suggestions?

Use cmd

Instead of powershell

Or make a text file by hand

Thanks cmd worked. Just tired and need sleep.

Gave +1 Rep to @viral yew

Have you tried recreating the mailbox through e-citizen?

You need to ssh to e-citizen -> authenticate -> recreate mailbox using option 3

thank you - will do that - very much appreciated !!!!! cheers

Gave +1 Rep to @hidden galleon

that worked!!!!! thank you so much - very much appreciated!!!

Gave +1 Rep to @hidden galleon

The results have been confirmed in e-citizen! @viral yew is our second SWIFTest red teamer! Congrats! 🎉

Who will take the third place?

Remember even if you don't make the first three places, we have another competition for the three best writeups of the challenge and some runner ups! Let it rain shells and dollars! Best of luck to everyone!

Thank you @trim beacon , I’ve loved every part of it. I hope we get more of those in the future! Was an awesome experience 😉

Gave +1 Rep to @trim beacon

Really glad you liked it! We will definitely be creating more and making sure that these are much more feasible for subscribers and not just B2B!

it's a nice network!

Congratulations on completing the challenge Azkrath can I ask how long you bin doing this sort of work thanks

I've been working in security for almost 4 years now, but have been in IT for the past 18

What did you think of the flag system?

enjoyed a lot. Way better than typical text files as you need to "prove" the ownership. The next step is to find a way of randomize the flag based on the user providing the proof (for example, if the user was the same between the e-citizen and the THM, you could use the username to generate a unique flag and then validate the flag on the platform against the username that is inserting it).

that way it could mitigate the release of flags in public or writeups

but there is not an easy way to tackle this "problem" tho

THM know who has done what is needed to be done for the flag.

I can't say too much about what I know, other than that.

but yeah, definitely it is a good improvement to the typical system

enjoyed a lot

I hope it comes in to place for many future rooms.

same

yeah, that would be excellent

Is there anyone available to help remedy this issue? I can not connect to webmail server. I've tried verifying email address and I get this error below.

Can you maybe send me your VPN internet IP? So in your OVPN file, that remote IP and I can take a look

any admins able to help please? have made couple attempts to verify this flag but keep getting error mess saying there's an issue with reading the file -

(it's not letting me paste screengrab - am happy to DM)

Going to take a stab in the dark here. Please use command prompt instead of powershell. powershell pipes are different, you need to use "|" instead of ">". So in command prompt: echo UIDFlag > C:\Windows\Temp\username.txt

ah, okay - cools thanks - an using PS

cheers !!!

Thought I'd take a guess 🙂

🙂

In powershell I think the command would be echo UIDFlag | C:\Windows\Temp\username.txt but typing from memory so might be missing something

thanks so much am03bam4n - worked a treat in cmd - much appreciated (and thanks for such an AMAZING network !!!!)

Glad you are liking it! Just another tip, remember that in some cases access to a host can allow you to submit multiple flags

thanks - will bear that in mind - much appreciated, cheers!!

Hi guys, I have a problem with 10.200.X.21 VPN domain. I can ping and access any (Web, WebMail) address, but the VPN website is no longer working. Yesterday it was still working. I have also successfully connected to the Capstone network.
Can anyone help me with this problem?

Because I think I got banned

might just be the case that vpn server is bonked. did you try to ping it ?

Yes I do

I accidentally scanned the wrong IP address. Do you know how to get unbanned

not sure for that. might try vote to reset network

I have had the VPN file generated several times and it does not work on the Attack Box either. But yes I could vote for it

As the resident ban inflictor, I can tell you that you are not banned. Might just be something else that is happening.

can i get a sanity check ||trying to rdp into .21 but it's not up. i have employees vpn on as well. also was able to run nmap scans against it last night but now i'm unable to connect. openvpn connection log also shows a different network ip 172.32.5.21 from the first time i connected but that also doesn't work||

Subs to THM but still needs a streak to join room???????????????????????????????????????

yuup that is intended and for everyone

recommend you do the #red-teaming-path in the mean time while you build streak

I already finished the path

...

completed that like months ago

like when it was first released

The initial announcement said people should keep up their streak

👍 You still have time to do it!

For those following my nightly live stream through the "Red Team Capstone" network by TryHackMe -- I will be taking tonight off. Unfortunately my son is sick, which means I got about 3 hours of sleep last night. I will not be speaking coherently if I stay up as late as I usually do and then go live for everyone to watch 😂

I'm planning on going to bed early tonight, and then the stream will be back tomorrow at 9pm CST.

I wish your son a swift recovery and you a restful night.

guess we will suffer without you 🙂

anyone know if it's something i'm doing wrong or if the network needs a reset?

@quaint knot Hope your son feels better soon, just a heads up - your invite link seems to be invalid in the description

You cam dm me how you're logging in.

If you read previous messages, you will see that we are stating that this is intentional behaviour and is something that we expect users to debug. We saw too many users taking this specific breach path and therefore decided to make it slightly harder in order to balance it with other breach paths.

The hosts .13 WEB, .12 VPN and .11 WebMail aren't reachable anymore. Tried it with the Attackbox and on my machine via ovpn. Is this part of the challenge 😅 ?

Does it still say your network is running?

Also, if you are trying both your machine and attackbox, make sure not to run both at the same time, else will create a VPN conflict

yes, it just extended automatically several minutes ago

Networks never automatically extend. Means someone else extended. What is the results web you ping .13? Does it say no route to host?

i had the issue before running both on my machine, and to test it i ran the attackbox, which might have created a conflict now

If ping says no route to host, it is this problem

Best to then kill AttackBox, all other VPNs. And then wait a minute before restarting on just one machine. But also debug for the no route to host problem

ok, i ll try that. Thank you very much for your fast response 🙂 👍

icmp_seq=1 Destination Host Unreachable it still persist, i ll go to work, maybe it resolves by itself in the next 8 hours 😄

Oh, interesting!

Congrats to @austere oriole , our third SWIFTest hacker to successfully complete the challenge and take all the monies! 🎉

Now the competition for the Red Teamer of the Month starts! Make sure to get those writeups submitted before the 31st of May! Best of luck to all you red teamers!

To whoever put effort into creating this network, you rock.

To whoever is lucky enough to play this network now or in the future I have one thing to say: "You lucky bastards "

When you register using thm username it fails cause I have a . In my username. Will it work if I just remove the . ?

Should do yes

@trim beacon created it.

Thanks

All by himself?

Daym

What a legend

Unsure if it was alone, but I think they probably done the biggest chunk of it.

The challenge itself yes. But it was a lot of team effort to get everything tests and live in production!

Greetings all red teamers!

With the three SWIFTest hacker prizes completed, we are relaxing our "no hints or nudges" policy. Feel free to have discussions about the challenge but please remember to use spoilers tags for these discussions.

Happy hacking!

||Hey, I have pwned the domain but still can not get admin access to Tier 2 infrastructure.||

What the ... is going on?

@trim beacon I just got access to the challenge as I just got done with my 7 days streak. I joined and saw this. Can you let me know what is this about?

what does it mean by 6 days of access left?

We automatically kick out users after 6 days, but then you can just rejoin the challenge. This is done to reduce network capacity requirements for inactive users. However, you only need the streak once to join the challenge 🙂

Please use spoiler tags when having conversations about the tasks in the network. Also, it might be worth giving more information on what exactly you are trying to do for others to assist you

||So i am domain admin to corp. I have dumped everything and captured all the flags up until Flag 8 except the Tier 2 Infrastructure one.||

||I have tried accessing with smbclient to write a file (as domain admin), RDP as domain admin and adrian (both are restricted) and using runas which has also failed||

||how can we take advantage of Domain Trusts?||

|| Why not just use your low privileged AD creds to RDP to either WRK1 or WRK2 and submit the flags? Or use your DA permissions to reset the password of a T2 account that will be admin on the workstations? DA's have restrictions on where they can auth since their accounts are part of the protected users group. ||

|| for some reason Tier 2 admins can not RDP to WRK2. I will try again. Moreover, Ibwill see if any hashes break so I can use runas from the rdp ||

|| net localgroup Administrators to determine who has admin access on WRK1 or WRK2 and then use those accounts to gain admin access ||

|| I gave it a try with Adrian who is a local admin (not sure if this account belongs to the lab or is player-created. I will try again soon and see what happens. It is just for completion purposes since gaining DA is what would matter in a real engagement. ||

Thanks for the help

You could also use || mimikatz || to rather do a || pth || than having to do ||runas||

|| In that case it would require buypasses since AV is enabled ||

||part of the lab||

Would usually agree with this: || It is just for completion purposes since gaining DA is what would matter in a real engagement. ||

But in this engagement, your final goal is different. As as mentioned before, you can't really tell the client that you can't get something to work. Luckily those hosts are not required for goal execution in this example, but if they were, you would have to figure out some way to get it to work even if ||the DA account cannot be used directly||

||check how you can take advantage of domain trusts. The Red Team Path might help in that. It might be easier to reach to the top before exploring other child domain.||

Hello hello, can we please restrict the usage of spoiler tags to a minimum, as we moderators have to unspoiler all those each time we revisit the channel to "moderate the channel". 🙏

The last page was reading like a CIA document. 😆

Sorry but I don't want to give away anything.

Perhaps it is easier to ask if we can DM someone for help, after we describe the situation briefly.

Long conversations might be more suited in DM if you have to spoiler the whole thing. 🙂