Resolute

1212224262730

Comments

  • people are getting root on the device and i dont even know how to start already

  • Type your comment> @lancelai said:

    Hi, I am new. Enumerated a list of users and one password for m****. Any hints please? Stuck for a long time.. Can pm me..

    The discovered credentials may not be for the user it appears to be for!

  • I would appreciate a nudge with root on this one. Been at it for a while but can't seem to get the d****s program to reset the value of s****d*l with my own dll. I'm monitoring the share I setup and even though I can list the files from the remote box, the attack doesn't seem to work.

  • Type your comment> @reiez0 said:

    Type your comment> @lancelai said:

    Hi, I am new. Enumerated a list of users and one password for m****. Any hints please? Stuck for a long time.. Can pm me..

    The discovered credentials may not be for the user it appears to be for!

    Ah ok.. I typed the wrong username and finally got it. How about the hints for 2nd usr?

    image

    Be happy, always

  • Type your comment> @reiez0 said:

    I would appreciate a nudge with root on this one. Been at it for a while but can't seem to get the d****s program to reset the value of s****d*l with my own dll. I'm monitoring the share I setup and even though I can list the files from the remote box, the attack doesn't seem to work.

    Phew. Finally rooted! Now I have clearance to go and bang my head against another box :smile: . Thanks @eviltor13 for checking in with me on this!

  • @securityp1IVIp said:

    I believe I am in the exact same situation.
    Can anyone provide a nudge as to what I may be missing?

    Short of giving spoilers:

    1) check the syntax is correct.
    2) make sure your payload is correct
    3) if you are on a free box, other users might be trying to exploit the same time as you
    4) make sure you serve your payload correctly

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • who is willing to help me on my way with root/admin...
    user i got... please help :blush:

  • Type your comment> @unethicalnoob said:

    Just got root! My first Windows machine!
    User1 : Basic Enumeration
    User2 : A lot more easier. Just follow your instinct. as easy as reading a file.
    Root : Did the easiet way using m***s****t module, will try hard method.
    Thanks to @kkaz @grav3m1ndbyte @noi for the help
    DM for hints.

    I got the creds for the second user. Please can you PM me the metasploit module you talked about. Thanks

  • Need help with the metasploit module already talked about in this group. unable to get through with the dll. I have my r*** user creds. Nudge please.
    PM

  • Rooted!
    PM for hints.
    Discord -
    fashark#5862

  • DNS Server failed to reset registry property.
    Status = 5 (0x00000005)
    Command failed: ERROR_ACCESS_DENIED 5 0x5

    ??? logged in as m**** using s**s****** and SHARE ???

  • Type your comment> @Ric0 said:

    DNS Server failed to reset registry property.
    Status = 5 (0x00000005)
    Command failed: ERROR_ACCESS_DENIED 5 0x5

    ??? logged in as m**** using s**s****** and SHARE ???

    wrong servername.. and now ..

    DNS Server failed to reset registry property.
    Status = 1722 (0x000006ba)
    Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA

    a few pages earlier was pointed it might be path problem? I double cheek wit dir and my share is connected. I am confused. Any nudge where to look for?

  • Wait... there is an alternative "easy" way to root this box? :open_mouth:

    Watskip

    < Soli Deo Gloria >

  • Rooted
    2 different methods.
    Nice machine.

  • Type your comment> @Ric0 said:

    Type your comment> @Ric0 said:

    DNS Server failed to reset registry property.
    Status = 5 (0x00000005)
    Command failed: ERROR_ACCESS_DENIED 5 0x5

    ??? logged in as m**** using s**s****** and SHARE ???

    wrong servername.. and now ..

    DNS Server failed to reset registry property.
    Status = 1722 (0x000006ba)
    Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA

    a few pages earlier was pointed it might be path problem? I double cheek wit dir and my share is connected. I am confused. Any nudge where to look for?

    NVM.
    Do not make my mistake and DO NOT rush bypassing things. Take a breath, take a few steps back.

    User1 (initial foothold)-> User2 -> User3 (I f**ed up - juicy staf is realy hidden)->ROOT

    Still fighting with syntax :-/

  • Type your comment> @Ric0 said:

    Type your comment> @Ric0 said:

    Type your comment> @Ric0 said:

    DNS Server failed to reset registry property.
    Status = 5 (0x00000005)
    Command failed: ERROR_ACCESS_DENIED 5 0x5

    ??? logged in as m**** using s**s****** and SHARE ???

    wrong servername.. and now ..

    DNS Server failed to reset registry property.
    Status = 1722 (0x000006ba)
    Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA

    a few pages earlier was pointed it might be path problem? I double cheek wit dir and my share is connected. I am confused. Any nudge where to look for?

    NVM.
    Do not make my mistake and DO NOT rush bypassing things. Take a breath, take a few steps back.

    User1 (initial foothold)-> User2 -> User3 (I f**ed up - juicy staf is realy hidden)->ROOT

    Still fighting with syntax :-/

    ROOTED!
    Took a break. Looked at the code again. 2 minutes and it f***ing happened!

  • Hi, I'm trying to raise privileges with d **** d, but it doesn't load the dll file, either remotely or locally. I followed step by step instructions on google but it doesn't load the file. Any ideas. Thanks

  • Wow, this box made me feel so stupid 😂 finally rooted thanks to hints from @c4ph00k (thanks!).

    Some hints (although they have all been in here, I guess):

    User: enumerate, enumerate, enumerate and then enumerate some more. Think like a lazy person.

    Root: enumerate more. Even more. Things might stay hidden from you if you don't. The final step was new to me but is a very nice trick up my sleeve.

    Learned a lot, thanks to @egre55 for this box

  • Alright. I've got the root flag the easy way but it seems from the posts in this thread that there is an alternative method which involves d**. I am definitely revisiting this box at a later point. If anyone can give a nudge on the d** method that would be great.

    There's a lot for me to learn from this box, especially the path from user r*** to root. I don't entirely understand why the easy way works either!

  • Yay! Finally rooted after some weeks of banging my head against every wall I could find! :blush:
    Thanks to @egre55 for this machine. I learned a lot which will hopefully come in handy in my pentesting activities ;)
    Users were easy to get to.
    Root was pretty tough if you don't know what to look for. So I guess, all those recommendations to enumerate more and more and then even more are somehow right :lol:
    However, once you find it, rooting is pretty easy in principle, though there are a few nice little hurdles to get past.

    I've read some posts here mentioning two ways to root, one using D** and the other m*******t? I wonder which of these is considered the easier way. I used D** and did not find it particularly hard...

  • edited March 2020

    Totally stuck on the I******t route trying to run D**-*****R on resolute.."Could not load file or assembly '5120 bytes.." An attempt was made to load a program with an incorrect format" .

    Guessing I'm missing something when I'm trying to create the d**..

    Anybody else run into this?

    Edit: nevermind..figured out what I was doing wrong.

  • So I have user 1 and user 2. Interestingly that is something I normally look for when doing forensics at work, but for some reason (or was it location) this completely slipped my mind.

    Does our well know green veggie tool do recon for that file normally?

    I now have the path for root, I think I'll leave it until the evening though.

  • Rooted!
    Accidentally started all port scan on nmap, and got the User1 even before the scan finished :lol: .
    Loved this box though! <3
    PM for nudges if you need em :smiley:

  • Rooted! Excellent and very straightforward box!

    For those on root having the RPC issue, just don't copy / paste article content stupidly, try to understand what you are doing and what is necessary or not ;)

    Feel free to ask for tips!

    OSCP, OSWP, GCIH, CEH, Security+, VHL Advanced+

    https://www.phrozen.io/

    Hack The Box

  • Rooted! Man, what a rush. This is a loot of fun. Kudos to the creators! That root thing is cool. I'm learning quite a bit.
    Shame I still need the nudges in this forum, but part of the process I guess.

    As many has said before: As always the first steps are enumerate, enumerate and then dig some more until you find the juicy stuff. Then ask yourself who you are.
    A google search got me the last part after some tinkering with the suggestions.

  • edited March 2020

    Hey all.

    Is there a good command to detect the platform architecture of the box. Everything I've seen suggest failed with "Access Denied"

    Edit* Got root, was using the wrong architecture and wasn't hosting my own DL. Saved by smc****t.py

  • Hey everyone, new to HTB and was wondering if I can get some help. I got the first user flag, no idea where to go next. I would really appreciate some help.

  • Would someone PM me irt e***-w****? I haven't been able to connect and keep getting the same error: EHOSTUNREACH happened, message is No route to host - No route to host - connect(2).

    I tried to connect on the port I think it wants as well as the other high ports.

    I can do a full n*** scan of the machine and connect with m***** with i******* s**c*****.

  • Hey all! Finished rooting this box a while back, am just now posting here because I feel more comfortable with Windows machines.

    This (plus Monteverde, Nest, and Forest) personally have been great teaching tools for learning Windows, so thanks to @egre55 for making this!

    My hints:
    User: Couldn't have been simpler. Stick to the basics. As for who, dig a little deeper as to what everyone can do.
    Root: This was quite a challenge, try to find what any normal user would miss. Then, take a look again at who you are. Surely you can do something with it...

    Also I want to share these resources for Windows AD/LDAP, as this was new to me:
    https://troopers.de/downloads/troopers19/TROOPERS19_AD_Fun_With_LDAP.pdf
    https://adsecurity.org/?p=3658

    Feel free to pm me for any hints or nudges!

    ChefByzen
    If I helped you out at all, feel free to click my badge and give +1 respect!

  • Finally rooted this machine. It was fun, thanks @egre55 for making this box.

Sign In to comment.