Access

1222325272840

Comments

  • @darkcyber said:

    @Urmine said:
    Hey,
    Been working on privescing for some time now, I think I'm close but I get syntax errors for r**** which I do not understand. Could someone give me a hand please?

    read the manual

    I agree. Turns out that I was using Bash redirects to try to show output. Still, I needed a push to finish this. Thanks EthicalHCOP for helping out.

  • FInally got root thanks @tacosaurus . Apparently I was missing one word, like dark cyber said, read the manual

  • edited December 2018

    What an infuriating box!!! However, I managed to learn a lot in the process of stumbling thru the steps. I also did learn that the vulnerability in this box maybe a common thing in enterprises with older Win boxes that use de-centralized s/w deployment or batch/script file deployments

    Here's my hints (since you are in this thread, I assume you are only figuring out root.txt access)

    1. KISS (Keep It Simple Stupid) - if you haven't figured it out from the prev replies, this box is actually pretty simple. It does not require msf or any kit to get thru.

    2. There are some red herrings in the box once you are in as user. However, it does clue you in to whats possible. I also think the maker may have intended vbs to be used to gain access to the root file.

    3. ALWAYS use full paths in your commands. It will save you some headaches. At least for the r******.
      3.a As a cautionary info, r***** does not give a success or error output. You will need to figure out how to direct the output of the command being run to a file vs your console session. Some of your frustration may be because you haven't tested the result of your attempt to check if it succeeded. t*****t is a pain to work with.

    4. "Access is denied" is intentional and there are multiple ways to get around. You will want to search methods or workarounds to get the contents

    5. Some of the possible methods do seem to break the box or ability to get root.txt. A command that worked for me stopped working midway, and then on a fresh session, did not work at all. Once I gained access to the file, I realised that someone else may have issues getting to it, or will get unexpected results in some of the commands being used. Which is why I think a large number of people tend to reset it. I did try to reverse my changes but found someone had reset it at that moment.

    EDIT: @darkcyber hinted a pretty useful command that gives an idea on how /s********* works. Thanks.

  • @Urmine said:

    @darkcyber said:

    @Urmine said:
    Hey,
    Been working on privescing for some time now, I think I'm close but I get syntax errors for r**** which I do not understand. Could someone give me a hand please?

    read the manual

    I agree. Turns out that I was using Bash redirects to try to show output. Still, I needed a push to finish this. Thanks EthicalHCOP for helping out.

    you're welcome man ! Regards !

  • @laughingman777

    I'm a big fan of Ghost in the Shell too, love your profile pic!!

    I'm a brave warrior of the sea and I have 8000 followers!

  • For those who are struggling:

    Hint 1: You don't need an admin shell.
    Hint 2: You don't have to add user to admin group.

    Hum if you do manage to get an admin shell please PM me sensei. I wanna know how lol

    I'm a brave warrior of the sea and I have 8000 followers!

  • Finding it difficult to get the commands I want to run with the credentialled string. I can make it do other things like run net commands etc but I can't use it to list directories, find files, copy files or make links etc. Can anyone provide a helpful nudge?

  • hey guys, i got the user flag, im tryng with root flag but i have some problem, im noob, i read the threads and i imagine where i must search but something run away from me mmh some hints in PM ? but no spoiler eheh

  • I just finished my first box! It was a lot of fun. For those struggling getting the root flag - look at all of the file properties/attributes to find why you aren't able to read it. Once I did that, I figured it out pretty quick.

  • Finally managed to get the system flag after a day of using wrong command and syntax.
    Those who are still stuck at root, you basically just need to do a simple file operation using the /r**** command with proper syntax and parameters.
    Also the the type or more commands wont work under /r**** as they are a part of cmd.e x e. There's a specific syntax to do that.
    PM me for more hints or help.

  • edited December 2018

    For the life of me I can not ls or dir anything on f**

    Edit: Reconnected to VPN today and it was working fine

  • I just got root. Thanks to @rufy & @nawespet for the help along the way.
    My Two Cents....
    Once you get the trick figured out with the ru*** command, stick with it. You are on the right track. Then most importantly, get your syntax all typed out correctly. ;)

    This was a fun box and I learned a ton about the importance of not being "lazy" as many have said on this forum.

    If anyone would like a hint, I would be glad to assist.

    I've tried trying harder....

  • eXzeXz
    edited December 2018

    Learned a lot from this, thank you the creator. It took me awhile and it was all because of syntax... Struggled with getting root access, user access was much easier. Just remember to do your enumeration. Everything for getting root was correct but it was not outputting the file until I reissued the rest of command with the below switch.

    My one hint: A useful Windows CMD switch... /k or /c (cmd /k).

    Happy to help those who are struggling and will try not give too much away.

  • Nice box, finally rooted.
    Don't forget full path.

    image
    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • edited December 2018

    Rooted! Learned a lot about Windows CMD syntax. Frustrating but rewarding box.

    tiger5tyle

  • Rooted at last. Had some issues with the threads most talked about command but after reset it worked better, guessing someone just left the box after completion and it behaved badly..

    I was never able to get the root.txt output by using the on board commands but that same command enabled possibility to get reverse shell and from there it was piece of cake.

    All in all, great box!

  • Finally completed the machine if have any query feel free to ask.
  • Anybody else's explorer crash with an error 550?

  • Hi, I'm new to the site and trying this(Access) as my first box.
    I used an****** with f** and got 2 files.
    I grep'd "password" on the DB which I turned into a text format and found a file with 3 credentials all of which I tried in t*****.
    One of the credentials told me the user didn't have access so I thought to look at the .zip which I found to be encrypted.
    After grepping for a bit and manually looking through files of interest and the log files for anything of interest I've found nothing which unlocks the .zip.
    Would someone mind giving me hint on what to look for in DB.
    It seems I've overlooked something simple.

  • And of course I did overlook something simple. Turns out the pw was what I used for t***** , the one that gave user didn't have access. I use Ubuntu Bionic as my OS and to uncompress and unencrypt I used unzip. When using unzip I kept getting an error,
    "Unsupported compression method 99"
    which made me think I had the wrong password.
    After reading https://access.redhat.com/solutions/59700
    and understanding what that error actually means I realized that unzip doesn't support the encryption method use for this file. Don't use unzip, hopefully this comment saves the next person a headache.
  • i have the password for pst file and read the things written in there but cant understand what to do next. any hint?

  • edited December 2018

    now i'm stuck on the r**** command and the a******** password ! any hints please ?

  • Anyone willing to PM i have set up a windows environment and got the correct syntax of the r**** command but still no luck on the box. Thanks ahead of time!

  • Working on privesc...I've tried many variations of r**** command to no avail. If anyone wouldn't mind PMing me with a nudge in the right direction I'd be really grateful :D

  • As many have said having a Windows VM to test was clutch, also enumerating all files will pretty much give you the command you will need, to do what you need to do. What file that is, well that's an exercise for the user. ;)

    GRID, GPEN

  • edited December 2018

    I got root!!

    thanks @clmtn, @Beggy@brohlm@iphkvm@summerboy
    and
    Thanks to those who have helped me.

  • Rooted. If someone needs a hint PM me :D

  • Hello friends

    I have a user shell but I can't raise with the famous r***s someone could tell me what I'm missing. or what to look for.

    Greetings

  • So i managed user after a couple of hours but like many before i'm stuck with root. I get that R**** needs to be used here but i cannot for the life of me get the right syntax and its driving me mad if someone could give me a hint or any advise it would be much appreciated

  • @juggydancesqd said:
    So i managed user after a couple of hours but like many before i'm stuck with root. I get that R**** needs to be used here but i cannot for the life of me get the right syntax and its driving me mad if someone could give me a hint or any advise it would be much appreciated

    come PM i'll give you some hints

Sign In to comment.