Finally rooted!! For user, from 1 to 10, enum 27. For root, think about a real world situation and use the environment you know!
PM me on Telegram (jorgectf) for any help.
Comments
@sazouki said:
Try to find another user with an appropriate list.
@OscarAkaElvis said:
This was my first choice, but didn't know what to enter for -s and -e, so I finally opted for a different winrm tool:
https://alionder.net/winrm-shell/
Works smooth like silk.
@OscarAkaElvis what am I missing with evil-winrm?
Am stuck on how to find alternative usernames. Have got the 2.5 credential sets okay & have been looking at username enumeration options (including playing with some of the impacket scripts). So far not having much luck.
EDIT - user.txt owned, onto root
OSCP | PMP
-e and -s are to set a local dir containing executables and PowerShell scripts. Let's suppose you want to launch Sherlock.ps1. OK, put that PowerShell script in your local folder, set it using -s and, once connected, you can launch the "menu" command. You'll see some stuff but not Sherlock stuff (yet). Then type "Sherlock.ps1" (it autocompletes using tab) and, after pressing enter, Evil-WinRM loads the PowerShell script into memory. If you launch the "menu" command again, you'll see all the available Sherlock commands, including the Find-AllVulns command.
Could someone send me a PM? I tried all combinations of credentials without success. I wanted to understand where I'm wrong.
Oof, I wish there were "hack-alongs". Being a noob is a headache...
.
@elcaroak said:
If you buy VIP, you can do all the old retired boxes with the write-ups.
Hi,
If someone can give me a nudge in DM.
I have everything but nothing seems to work for me, will better explain in DM
Thanks
Spoiler Removed
OSCP | I'm not a rapper
I used r**c****t for that and manually enumerated after finding some known users, probably not the most elegant way, probably missing a tool that auto does it!
OSWE | OSCP | eCPPTv2
I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.
@sazouki did you use the credz you already have?
There is a pretty sweet Perl script that enums users from the service you all want to access so much.
@badman89 said:
I got it after installing all the requirements from that GitHub repo.
OSCP | I'm not a rapper
Stupid question, but do I need to be cracking the $1$? I have decrypted the other 2 passwords but can't seem to crack the other!
@Dreadless said:
Yes
@DameDrewby said:
Thank you, I will keep hunting for a way
OSWE | OSCP | eCPPTv2
I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.
@Dreadless said:
check my previous post, I shared the script to decrypt that pwd
OSCP | I'm not a rapper
Can anyone drop me a hint on where/how to use the 3 creds I found. I've tried all user/pass combinations on every service I could find but nothing is working
Hi guys.. just after a little nudge please? I have 3 passwords... I can authenticate on 445 with a username and password.. but can't seem to use the winrm shell etc to progress... I think I may be missing something..
OSCP | CCNA | CPSA
Hey, got user but stuck hard at root, and not able to use powerup.ps1 on this box. Is this by design or am I making some shitty mistake somewhere? Any nudges please..
I've got user as well. Couldn't get powerup to work. Sherlock returns nothing useful. Trying jaws-enum now.
I have user now guys.. don't need a nudge.. now for root..
OSCP | CCNA | CPSA
Is the admin pwd in www**** a rabbit hole?
OSCP | I'm not a rapper
Ok, this box is weird. I have the new username and all passwords. According to one of the aux scanners, one login combination works fine but it fails while using any winrm shells.
Am I missing something obvious here?
When asking for help, please describe what you have tried so far, so I don't spoil too much.
If you believe I was able to help, please provide feedback by giving respect:
https://www.hackthebox.eu/home/users/profile/122308
Can anyone give a hint on root? I can't seem to run any enum scripts. The user doesn't seem to have many privs, can't even access the public folder, weirdly.
Is there something in I*C$? Or am I going the wrong way?
PM me on Telegram (jorgectf) for any help.