Heist

Comments

  • @sazouki said:

    @Seepckoa said:

    @Ev1ld3v3l0p3r said:

    Need some help, is it required to get the plaintext password to move forward? None are working on the higher password.

    Yes you have to find a way to see the password in clear to go further. ;)

    What about the correct user? None of them works with that ruby exploit.

    Try to find another user with an appropriate list. :)

  • @OscarAkaElvis said:

    Hi, I saw some people asking for a tool to connect to W***m. Ok I can recommend this tool on which I'm collaborating.

    Easy to install via git clone or via gem install (this is even easier). All that is needed is in the documentation in the readme file: https://github.com/Hackplayers/evil-winrm

    Hope it helps!

    This was my first choice, but didn't know what to enter for -s and -e, so I finally opted for a different winrm tool:

    https://alionder.net/winrm-shell/

    Works smooth like silk.

    @OscarAkaElvis what am I missing with evil-winrm?

  • edited August 2019

    Am stuck on how to find alternative usernames. Have got the 2.5 credential sets okay & have been looking at username enumeration options (including playing with some of the impacket scripts). So far not having much luck.

    EDIT - user.txt owned, onto root


    OSCP | PMP

  • -e and -s are to set a local dir containing executables and powershell scripts. Let's suppose you want to launch a Sherlock.ps1. Ok, put that powershell script in your local folder, set it using -s and once connected you can launch the "menu" command. You'll see some stuff but not Sherlock stuff (yet). Then, type "Sherlock.ps1" <- it autocompletes using tab, and after pressing enter, Evil-WinRM is loading the powershell into memory. If you launch the "menu" command again you'll see all the available Sherlock commands including the Find-AllVulns command.

  • Could someone send me a PM? I tried all combinations of credentials without success. I wanted to understand where I'm wrong.

  • oof, i wish there were "hack-alongs". being a noob is headaching...

  • edited August 2019

    .

  • @elcaroak said:

    oof, i wish there were "hack-alongs". being a noob is headaching...

    If you buy VIP, you can do all the old retired boxes with the write-ups.

  • Hi,
    If someone can give me a nudge in DM.
    I have everything but nothing seems to work for me, will better explain in DM
    Thanks

  • Spoiler Removed

    Arrexel
    OSCP | I'm not a rapper

  • I used r**c****t for that and manually enumerated after finding some known users, probably not the most elegant way, probably missing a tool that auto does it!

    da1y

    OSWE | OSCP | eCPPTv2

    I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.

  • @sazouki did you use the credz you already have?

  • there is a pretty sweet perl script that enums users from the service you all want to access so much

    trollzorftw

  • @badman89 said:

    @sazouki did you use the credz you already have?

    I got it after installing all the requirements from that GitHub repo.

    Arrexel
    OSCP | I'm not a rapper

  • Stupid question, but do I need to be cracking the $1$? I have decrypted the other 2 passwords but can't seem to crack the other!

    Hack The Box

  • @Dreadless said:

    Stupid question, but do I need to be cracking the $1$? I have decrypted the other 2 passwords but can't seem to crack the other!

    Yes

  • @DameDrewby said:

    @Dreadless said:

    Stupid question, but do I need to be cracking the $1$? I have decrypted the other 2 passwords but can't seem to crack the other!

    Yes

    Thank you, I will keep hunting for a way :)

    Hack The Box

  • Fun box, helped me to get some much needed enumeration practice on Windows :-)

    da1y

    OSWE | OSCP | eCPPTv2

    I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.

  • @Dreadless said:

    @DameDrewby said:

    @Dreadless said:

    Stupid question, but do I need to be cracking the $1$? I have decrypted the other 2 passwords but can't seem to crack the other!

    Yes

    Thank you, I will keep hunting for a way :)

    check my previous post, I shared the script to decrypt that pwd

    Arrexel
    OSCP | I'm not a rapper

  • edited August 2019

    Can anyone drop me a hint on where/how to use the 3 creds I found. I've tried all user/pass combinations on every service I could find but nothing is working

  • Hi guys.. just after a little nudge please? I have 3 passwords... I can authenticate on 445 with a username and password.. but can't seem to use the winrm shell etc to progress... I think I may be missing something..

    OSCP | CCNA | CPSA

  • Hey, got user but stuck hard at root, and not able to use powerup.ps1 on this box. Is this by design or am I making some shitty mistake somewhere? Any nudges please..

  • I've got user as well. Couldn't get powerup to work. Sherlock returns nothing useful. Trying jaws-enum now.

  • Does the attachment attached give any hint for passwords? And also is the port 5*** the right way to go? Guys?

  • I have user now guys.. don't need a nudge.. now for root..

    OSCP | CCNA | CPSA

  • Is the admin pwd in www**** a rabbit hole?

    Arrexel
    OSCP | I'm not a rapper

  • Ok, this box is weird. I have the new username and all passwords. According to one of the aux scanners, one login combination works fine but it fails while using any winrm shells.

    Am I missing something obvious here?

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • Can anyone give a hint on root? I can't seem to run any enum scripts. The user doesn't seem to have much privs, can't even access the public folder weirdly.

  • Is there something in I*C$? Or am I going the wrong way?

  • Finally rooted!! For user, from 1 to 10, enum 27. For root, think about a real world situation and use the environment you know!
    PM me on Telegram (jorgectf) for any help.