Netmon

edited March 2 in Machines
Starting the thread. :)
Tagged:
«13456715

Comments

  • user is so easy lol !

  • wish i woke up earlier to get firstblood

    illwilll
    OSCP

  • When you regret not going for first blood

  • Never thought that there will be an easier box than Jerry lol

  • lmaoooo the user !!!!!

  • Its the PR** ****ig **le a rabbit hole?

  • jeez I cant see anything after user

  • User is easier than I could have imagined. I am totally lost on root. My first box was Access and I couldn't figure out how to do root on it. Hopefully this one is a little easier than access to help me understand some basic priv esc.

  • Oh wow... The user flag is easy. lol

    tiger5tyle

  • @KaotiqCJ said:
    User is easier than I could have imagined. I am totally lost on root. My first box was Access and I couldn't figure out how to do root on it. Hopefully this one is a little easier than access to help me understand some basic priv esc.

    Yeah I was the same. I'm working on a few avenues for root access atm.

  • edited March 2

    Found creds but they don't work where I expected.

    But the box is extremely slow now - maybe heavily brute-forced?

    Edit: Sorted out - 'think like a user'.

  • edited March 3

    Got Root. The obvious app is the path forward once you get user. Keep googling the app and you will find tutorials and conversations that will give you everything needed to get this box.

    1. Find something juicy.
    2. That juicy thing doesn't work out of the box. "Think like a user". Modify a piece of it. You're in.
    3. Find a way to blindly "alert" yourself. Depending on how you do this, there may be a step 4: Utilize that famous windows service to profit (via Impacket)

    PS. NO BRUTE FORCING REQUIRED. I doubt the password is even in any wordlists. Don't waste your time and destroy the box for anyone else.

  • User was unbelievably simple... Still stuck on root, though. Found the l**** page with n***, and tried to get in by using default creds, but nothing... A little weary to start brute-forcing yet; I'd rather exhaust other avenues before getting too hacky. Also noticed a W****** S***** vuln. Tried to exploit but didn't work... Anybody else making headway?

    Hack The Box

  • please stop bruteforcing ...

    illwilll
    OSCP

  • edited March 2

    do people change the creds ? I got them in 2 ways but i cant l*****

    peek

  • Type your comment> @peek said:

    do people change the creds ? I got them in 2 ways but i cant l*****

    Having the same issue... And was thinking the same thing as well... Finally managed to get creds the same two ways I'm thinking you probably did too, and neither worked..

    Hack The Box

  • edited March 2

    honestly im so bored i could publish them, I expect someone to confirm them before.

    peek

  • to find the creds do we need to look inside the box??

  • user was super simple, managed to get the creds working (had to think like a user).. trying to find some type of special feature now..

  • Type your comment> @1NC39T10N said:

    Got Root. The obvious app is the path forward once you get user. Keeping google the app and you will find tutorials and conversations that will give you everything needed to get this box.

    1. Find something juicy.
    2. That juicy thing doesn't work out of the box. "Think like a user". You're in.
    3. Find a way to blindly "alert" yourself. Depending on how you do this, there may be a step 4: Utilize that famous windows service to profit (via Impacket)

    PS. NO BRUTE FORCING REQUIRED. I doubt the password is even in any wordlists. Don't waste your time and destroy the box for anyone else.

    Fantastic hint. I made a mistake in not using ls -la this cost me some precious time for getting the creds.

  • I have user, too easy, any hint for root?

  • edited March 3

    Finally rooted. The login part was probably the most annoying, because of people performing certain actions on the box.

  • So for a non-expert like me, any help being offered?

  • User was so easy I didn't even bother with it for a while because I thought it couldn't be that easy.

    cognitiv3

  • Lol ..I am not getting the user ..I am so dumb

    Hack The Box

    Always giving respect to people who guided me properly without spoiling .

    Think everyone should do the same.

    https://www.hackthebox.eu/home/users/profile/88499

  • edited March 3

    is user through F** ?

    EDIT :- DAMN GUI .. used command line got it :)

    Hack The Box

    Always giving respect to people who guided me properly without spoiling .

    Think everyone should do the same.

    https://www.hackthebox.eu/home/users/profile/88499

  • Type your comment> @1NC39T10N said:

    Got Root. The obvious app is the path forward once you get user. Keeping google the app and you will find tutorials and conversations that will give you everything needed to get this box.

    1. Find something juicy.
    2. That juicy thing doesn't work out of the box. "Think like a user". You're in.
    3. Find a way to blindly "alert" yourself. Depending on how you do this, there may be a step 4: Utilize that famous windows service to profit (via Impacket)

    PS. NO BRUTE FORCING REQUIRED. I doubt the password is even in any wordlists. Don't waste your time and destroy the box for anyone else.

    Is the "juicy" thing through F** ?

    Hack The Box

    Always giving respect to people who guided me properly without spoiling .

    Think everyone should do the same.

    https://www.hackthebox.eu/home/users/profile/88499

  • "Think like a user" brain "think like a user "

    Hack The Box

    Always giving respect to people who guided me properly without spoiling .

    Think everyone should do the same.

    https://www.hackthebox.eu/home/users/profile/88499

  • Fun box, required some extra thinking :) thanks to the creator

Sign In to comment.