Heist

Comments

  • Guys, thanks for all the help! First ever user :)
    Really enumerate and that jewel script made my day :)
    now going for root!

    fko

  • Spoiler Removed

  • Rooted, easy machine.

  • edited October 2019

    What does the fox say?
    "Ring-ding-ding-ding-dingeringeding!
    Gering-ding-ding-ding-dingeringeding!
    Gering-ding-ding-ding-dingeringeding!"

    PM for nudge :cheers: :D

  • Thanks to all of you, I got it. Learned some new tricks so mission accomplished. Good box. As usual, lost time on unnecessary things but ultimately got there. The hints are all there in these posts and are always fun to decipher. For root, Stumbledore's link is solid but the keyword may not be exactly as advertised. Try searching for a more complete word than the securityonline link uses. Although that's the way I went, there are at least 2 other ways without using p******D***.exe. I enjoyed the box.

    Available for nudges.

  • Also just curious, can anyone explain why a lot of ps1 doesn't work? Is it just me or defender or something else?

  • Been hunting the animal but can't find something useful on that process. It seems I have to tweak the options?

    btw: anyone found that weird xss?

    happy to say im a newb

  • @zfyra said:

    Any hint to crack secret 5 pass?

    hashcat64 does in less than a second, need to know type as well as 'rock' the correct wordlist.

    dakotad

  • Dam*iiit! Props to @0x71rex and @mike008 for that push.

    happy to say im a newb

  • @govsec said:

    Dam*iiit! Props to @0x71rex and @mike008 for that push.

    Way to go mate.

  • rooted was a fun box. pretty quick just gotta make sure you enum :)

  • Rooted my first 'Active' Box! Spent the whole weekend on it.. but learned a ton on the way. Props to the creator, and all the help from your comments!

    User:

    1) You can easily get a few users and passwords, make sure you crack them all (one of them can be a little tricky, google helped me get there)

    2) Check out impacket and its user enumeration capabilities!

    3) gaining access required investigating my nmap output, and getting access through a service I hadn't used before, which was cool!
    ** The Metasploit module for actually gaining access through this service did not work for me
    ** I had to search on Github for an alternative. Check out previous comments and you should figure it out.

    Administrator:

    1) I had a tough time on this. A lot of the comments talked about an odd process running. I eventually figured it out, but I missed it because this process didn't seem odd to me.

    2) Dumps + grep/strings got me what I needed.

    *I recommend making a user.txt and pass.txt. Fill those in with the creds you find along the way! Throw them into Metasploit Auxiliary modules whenever you find a new user or password, see what you can login to!

  • Hi buddies,

    This is my first box and I'm completely stuck. I get the passwords stored in files but don't understand how I can perform this box.

    Could someone give me some advice?

    thx

  • Holy cow, I'm an idiot. Just got root. The process route is the "right" way to go and know your tools. Know your tools. Know your tools. Read the manuals. DM me for a nudge

  • edited October 2019

    Hey! Need some help, I am unable to download the .dump file, tried some compression but it is always bigger than 100Mb. My download fails after downloading 4Mb with a dup ack (and it takes like 10 min to download that 4Mb). I am using E**l_W***m to download and upload stuff.

    Is there any way to get root without downloading the file? Already tried some ps like Select-String - -Pattern, but I'm not going anywhere...

    thanks in advance

  • edited October 2019

    Rooted using PS internals :)

  • @Nt3c said:

    Hey! Need some help, I am unable to download the .dump file, tried some compression but it is always bigger than 100Mb. My download fails after downloading 4Mb with a dup ack (and it takes like 10 min to download that 4Mb). I am using E**l_W***m to download and upload stuff.

    Is there any way to get root without downloading the file? Already tried some ps like Select-String - -Pattern, but I'm not going anywhere...

    thanks in advance

    I'm in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can't find any interesting strings.

  • @MichiS97 said:

    @Nt3c said:

    Hey! Need some help, I am unable to download the .dump file, tried some compression but it is always bigger than 100Mb. My download fails after downloading 4Mb with a dup ack (and it takes like 10 min to download that 4Mb). I am using E**l_W***m to download and upload stuff.

    Is there any way to get root without downloading the file? Already tried some ps like Select-String - -Pattern, but I'm not going anywhere...

    thanks in advance

    I'm in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can't find any interesting strings.

    There is a similar thing that you use in your kali box (to analyze) for pS. Use that, it works perfectly, no need to download the file.

  • Finally rooted! It took a couple of days, but was well worth the research. Plenty of hints in this thread to help anyone along! Thanks for the box, @MinatoTW I really enjoyed this one!

    thr33per

  • edited October 2019

    Can somebody PM me a hint for the priv esc, trying to use pd.e**, can't get any output though. Nvm, try to use more powerful

    prutz

  • @nwn00b said:

    @MichiS97 said:

    @Nt3c said:

    Hey! Need some help, I am unable to download the .dump file, tried some compression but it is always bigger than 100Mb. My download fails after downloading 4Mb with a dup ack (and it takes like 10 min to download that 4Mb). I am using E**l_W***m to download and upload stuff.

    Is there any way to get root without downloading the file? Already tried some ps like Select-String - -Pattern, but I'm not going anywhere...

    thanks in advance

    I'm in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can't find any interesting strings.

    There is a similar thing that you use in your kali box (to analyze) for pS. Use that, it works perfectly, no need to download the file.

    rooted, thanks for the hints

  • edited October 2019

    I am already stuck at enumerating those users :(
    Impacket doesn't bring me further with Access Denied

    Edit: owned user

    Hack The Box

  • Rooted. This was a pretty hard challenge to do if you are not used to enum and to password match. Also the E-W is a piece of.... that made it way harder for me.

    If you get stuck feel free to PM me

    zaBogdan

    If you need help with the boxes, pm me on Discord, zaBogdan#3458, I always forget to respond on form

  • edited October 2019

    anyone got a hint for the dump? File is way too big to scroll through <---- git gut scrub, should read more

    prutz

  • edited October 2019

    Command: **smbclient -L //10.10.10.149 -U H*******

    Reconnecting with SMB1 for workgroup listing.
    do_connect: Connection to 10.10.10.149 failed (Error NT_STATUS_IO_TIMEOUT)
    Failed to connect with SMB1 -- no workgroup available

    Can anybody help me??

  • @prutz said:

    anyone got a hint for the dump? File is way too big to scroll through <---- git gut scrub, should read more

    Be sure you have the right dump and look for grep alternatives

    Hack The Box

  • edited October 2019

    @pagal said:
    Command: **smbclient -L //10.10.10.149 -U H*******

    Reconnecting with SMB1 for workgroup listing.
    do_connect: Connection to 10.10.10.149 failed (Error NT_STATUS_IO_TIMEOUT)
    Failed to connect with SMB1 -- no workgroup available

    Can anybody help me??

    Check your parameters...

    Hack The Box

  • I have got all of the users and cracked all of the passwords, I can connect via smbclient in linux but not on w**** using P****S****. I think I should be able to connect in PS with E****-PS******* using user C**** and password Q**************, is this not correct?

  • Credentials are correct, attempt is good, the tool may not be proper. I tried two different ruby scripts and both of them did their job correctly.

    bumika

  • Can someone please PM me with some help on user? I believe I have done everything mentioned in the forum and still no luck:

    • I have cracked all 3 passwords from ******.***
    • I have the usernames from that same file, plus another 1 or 2 from the place that brought me to that file
    • None of those credentials work with the common port using the common client and none work with l*******d.**
    • None of those credentials work with the higher port (using the snakey library)

    I feel like something is wrong with the common port as I can't even run e***4****x on it.
    What am I doing wrong????
