Few tips!
Overall: Dont think too much. Google alot. Basic enumeration is the key Basic commands enough!
User: Creds are in front of you, read carefully. I wasn't, so lost a lot of precious time searching the most obvious. Later do the shit and enum services. Remember it's a Windows box.
Root: Look what you got, and google for what are you looking for! Remember simplicity, don't be ultimateHax00r Basic commands enough once again. I lost a lot of time trying to do it in "haxx00r" style haha
Nice and easy box. Thank you @MinatoTW for the quick solve -- I've enjoyed almost all of your boxes so far (except for Ghoul, I'm sorry )... This was a great way of introducing a Windows box to newer users with less environmental familiarity, so I applaud you for that.
Per usual, my hints:
user:
Standard web enumeration isn't quite enough. Check out what other ports are open and enumerate a bit further. Once you've collected everything you need, you can use a common Windows protocol to get your shell. The previous comments in this thread should already be enough to figure out what I'm referring to here (though, I've heard some people on free servers have had a bit of trouble with it).
root:
Check what processes are running. There's one in particular that's interesting. Can you get anything from it? Maybe see what it can give you and go from there.
I'm not sure what people meant by "weird processes running" or "look for output" but in my case what would have saved me some time is this piece advice: "If you find a password, make sure to try it everywhere !!"
Feel free to PM me for hints if you like, thanks to the creator for a fun machine.
guys, need help for user, I've usernames and passwords but it won't allow me to login on higher port.
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
Discord-cycl0ps#5219
Telegram-cycl0ps
I've had user for a week.. not sure what I'm looking for.. It might because of the shell i have, but my user doesnt have permissions to see running processes. looked in the both program file folders, nothing stands out. Can someone nudge me in the right direction.
Just rooted. Not sure what everyone meant by looking for a unique process.... I found an encrypted password somewhere that just needed to be decrypted...
For user:
Does getting the right username requires guessing? I found 4 usernames and 3 passwords, tried all the combinations and none worked. (on the higher port)
I'm trying to do a username brute force for now.
For user:
Does getting the right username requires guessing? I found 4 usernames and 3 passwords, tried all the combinations and none worked. (on the higher port)
I'm trying to do a username brute force for now.
Check out a particular script from impacket that could help enumerate usernames.....
lo******d.p*
Can someone give me hint about privilege escalation?
I found the browser process... (only thing that stands out tbh) looked inside place where it stores data. However didnt find anything useful here except of few empty databases.
Is that browser process used to gain root? Did i miss something inside the place where it stores data?
PS. Some people are trolling this machine, few hours ago the data storage directory had changed permissions, so noone else could access it with user privileges.
Comments
Find Where they ?
Few tips!
Basic commands enough!
Basic commands enough once again. I lost a lot of time trying to do it in "haxx00r" style haha 
Overall: Dont think too much. Google alot. Basic enumeration is the key
User: Creds are in front of you, read carefully. I wasn't, so lost a lot of precious time searching the most obvious. Later do the shit and enum services. Remember it's a Windows box.
Root: Look what you got, and google for what are you looking for! Remember simplicity, don't be ultimateHax00r
Nice and easy box. Thank you @MinatoTW for the quick solve -- I've enjoyed almost all of your boxes so far (except for Ghoul, I'm sorry
)... This was a great way of introducing a Windows box to newer users with less environmental familiarity, so I applaud you for that.
Per usual, my hints:
user
:Standard web enumeration isn't quite enough. Check out what other ports are open and enumerate a bit further. Once you've collected everything you need, you can use a common Windows protocol to get your shell. The previous comments in this thread should already be enough to figure out what I'm referring to here (though, I've heard some people on free servers have had a bit of trouble with it).
root
:Check what processes are running. There's one in particular that's interesting. Can you get anything from it? Maybe see what it can give you and go from there.
defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”
Stuck on cracking $1 pass, any hint?
Root owned.
OSCP | PMP
Feel free to PM me for hints if you like, thanks to the creator for a fun machine.
What a wonderful machine
For user: the password is right in front of you. You just need to find the username.
For root: look for what is running and extract its data.
The sha-256 seemed useless for me since it is unbreakable in a reasonable time, so I'm not sure why did someone mention it in here ...
OSCE | OSCP | CRTE | GPEN | eCPTX | CREST CRT | GDAT | eCPPTv2 | GWAPT | OSWP | ECSA (Practical)
Type your comment> @Ryan412 said:
The SHA-256 is merely a pointer... I wouldn't bother trying to crack it. Look at the running processes on the machine instead.
defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”
.
OSCE | OSCP | CRTE | GPEN | eCPTX | CREST CRT | GDAT | eCPPTv2 | GWAPT | OSWP | ECSA (Practical)
Root was fun, finding user was a pain checking out all the credentials.
guys, need help for user, I've usernames and passwords but it won't allow me to login on higher port.
If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
Discord-cycl0ps#5219
Telegram-cycl0ps
My first own on both user and root!
User: This is the real struggle. Just dont give up, you are probably closer than you think.
Root: I may have done root wrong. It was too easy.
You are in the right path, but maybe you have to find the user who matches the passwords. @nospace
Watch the processes that will help you later.
@badman89
Spoiler Removed
Rooted , that was a good box.
Learned a lot about Power Shell. The below will help in searching all files to get something useful.
Get-ChildItem -Path (Your Path) -Recurse -File | Select-String (Keyword)
Rooted! Nice box.
User is all about enumeration.
Root is straightforward.
Hints in the current thread are sufficient to get you both.
Type your comment> @D4nch3n said:
I have the same problem, only found the k**.b file, did not find the l***.*n file, how to get the information I need?
Rooted, great box, pen-testing basics only
User: enumerate, crack, harvest, test your loot, find the missing pieces, all clues are there and here in the thread
Root: 10 minutes if you enumerate, nothing fancy
Happy to help if you tell me what you've already got and are NOT asking a question that's already answered in here
If I help you out, drop a respect, two clicks to say thanks, link below.
https://www.hackthebox.eu/home/users/profile/121966
Rooted
downloaded 4xx mb of file just for the pw
but it was fun!
Rooted, great box.
Thanks @Akl for that:
"Get-ChildItem -Path (Your Path) -Recurse -File | Select-String (Keyword)"
Feel free to PM if stack.
I seem to have a ruby issue any one know how to fix
/usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb:39: warning: constant OpenSSL::Cipher::Cipher is deprecated
/usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb:128: warning: constant OpenSSL::Cipher::Cipher is deprecated
cant seem to use either ruby script
have 3 cleartexts and 4 users but am stuck by this
I've had user for a week.. not sure what I'm looking for.. It might because of the shell i have, but my user doesnt have permissions to see running processes. looked in the both program file folders, nothing stands out. Can someone nudge me in the right direction.
Just rooted. Not sure what everyone meant by looking for a unique process.... I found an encrypted password somewhere that just needed to be decrypted...
For
user
:Does getting the right username requires guessing? I found 4 usernames and 3 passwords, tried all the combinations and none worked. (on the higher port)
I'm trying to do a username brute force for now.
Type your comment> @0x000c0ded said:
Check out a particular script from impacket that could help enumerate usernames.....
lo******d.p*
Edit: that worked, thanks!
I have one account with wich I can login on the two services now. Do I need more credentials to continue?
Can someone give me hint about privilege escalation?
I found the browser process... (only thing that stands out tbh) looked inside place where it stores data. However didnt find anything useful here except of few empty databases.
Is that browser process used to gain root? Did i miss something inside the place where it stores data?
PS. Some people are trolling this machine, few hours ago the data storage directory had changed permissions, so noone else could access it with user privileges.
Ok, HUGE hint.
You don't need to do anything with processes, do the same thing you did for user.
If I help you out, drop a respect, two clicks to say thanks, link below.
https://www.hackthebox.eu/home/users/profile/121966