Resolute


Comments

  • Rooted this box, all good except the DL* part, just be careful about A/V, try to use reverse_shell "NOT" meter or exec, I got busted with other types.

  • just rooted !!!
    really fun box even that I'm not very good with windows stuff but the box was worth the shoot amazing work
    ping me for help !!!

  • I am having trouble serving the file correctly. Could someone PM me

  • edited March 2020

    Hi guys. I'm in right way I think but stuck in real dumb point. I have to pass a d** file into the machine, I am using smbs****r but machine in dns**d it seems like can't catch, when instead I use Get-Content, dir or copy I can see the connection in the log of smbs****r. Can somebody be so kind to help me please?

  • I'm using ms*****m to create the d**. I get a message that the AV has blocked my command. I tried running the same command again, just to check, and from then on I get no error message (no success message either), just all the usage commands for d*****. I think there's an issue with the connection to the I*******-S********. Can anyone give me a nudge on this please?

  • @therealnnihfe said:

    Hi guys. I'm in right way I think but stuck in real dumb point. I have to pass a d** file into the machine, I am using smbs****r but machine in dns**d it seems like can't catch, when instead I use Get-Content, dir or copy I can see the connection in the log of smbs****r. Can somebody be so kind to help me please?

    Same issue. It worked once and AV caught it. Now I cannot see any connections being made to the s**s*****.

  • edited March 2020

    hi guys!
    This is my 1st week on htb and the 2nd windows machine I work with, and I'm completely stuck at the very beginning...
    By means of e***4****x I enumerated a bunch of users, whose credentials I tried to break using password=name or surname in
    kerberos
    smb
    winrm
    but I got no luck.

    Any hint by PM on how to get credentials, please?
    Thank u SO much!

    EDIT: I completely misread some juicy information #facepalm

  • Rooted
    It was easy at the start (non-admin users) but the root part was brainfuck for me. Overall, this box was fun to play.

  • finally got this box,
    Easy and nice

  • @glezo1 said:

    hi guys!
    This is my 1st week on htb and the 2nd windows machine I work with, and I'm completely stuck at the very beginning...
    By means of e***4****x I enumerated a bunch of users, whose credentials I tried to break using password=name or surname in
    kerberos
    smb
    winrm
    but I got no luck.

    Any hint by PM on how to get credentials, please?
    Thank u SO much!

    EDIT: I completely misread some juicy information #facepalm

    What does not work for a user it might work for the others

  • Just rooted. This is my first root on an active machine with zero help. Super fun and I learned a lot. Thank you @egre55 for the box.

    b0ssk

  • What an intense box. Learned a ton!

    C:\Users\Administrator\Desktop>whoami
    whoami
    nt authority\system
    
    C:\Users\Administrator\Desktop>
    
  • edited March 2020

    Finally done. Thanks to b0ssk for some interesting hint! Great machine, learned so much

  • Finally rooted! Learnt a lot of things on this box.
    I used ms*****m to create the d** , I*******-S******** and dn****. Can anyone PM me on how you solved this the easy way with m*******t? I tried a few things initially but wasn't successful with this. Thanks in advance!

  • edited March 2020

    Hello,

    I am now connected to WinRM and able to run the dog tool but I have not been able to copy the generated zip file back to my Kali. I got errors trying to use "Copy-Item". Could someone please give me a hand on that? I have tried other options as New-SMBShare but I don't have permissions.

    Not sure how to retrieve that file to run the l*** analysis.

    pp123

    Edit: NVM, I got it after checking some ippsec's videos.

  • edited March 2020

    Hummm I'm completely stuck here...
    I think I shall upload a payloaded d-- and compromise the d--c-d program, but, no matter how I generate the payloaded d-- with m--v---m, the AV keeps detecting it.
    Any word of advice by PM, pleeease?

  • edited March 2020

    This is my second attempt at hacking a box and I'm still learning all the tool sets and how to use them. I have found what I believe to be the correct command for a payload, but would like someone to help me better understand how it works. I have not been able to get it to work yet, but I'm pretty sure it is correct.

    Full disclosure...I feel I got most of this box on my own, but being so new to this...I did have to find a tutorial on this last part...and now just want help understanding it.

    Please PM me if you're willing to hear my thoughts on this code and then tell me where my logic is flawed.
    Thnx

    Arrexel

  • @glezo1 said:

    Hummm I'm completely stuck here...
    I think I shall upload a payloaded d-- and compromise the d--c-d program, but, no matter how I generate the payloaded d-- with m--v---m, the AV keeps detecting it.
    Any word of advice by PM, pleeease?

    I think I'm in the same boat as you. Can't seem to get my privilege escalation to work. How do you know it's the AV that keeps detecting you? Is there something you are checking or see that states the AV picked it up?

    Arrexel

  • I can no longer connect to winrm. Took a couple weeks off the box so perhaps something was changed, or maybe something wrong on my end? I have the valid user/pw combo for the two users and previously had been using the evil tool to connect to the box successfully (with both the aforementioned users). Just trying to work on root privesc.

    I reset the box a couple times to no avail. If someone knows what's up please shoot me a msg, thanks.

  • @bodyrot said:

    I can no longer connect to winrm. Took a couple weeks off the box so perhaps something was changed, or maybe something wrong on my end? I have the valid user/pw combo for the two users and previously had been using the evil tool to connect to the box successfully (with both the aforementioned users). Just trying to work on root privesc.

    I reset the box a couple times to no avail. If someone knows what's up please shoot me a msg, thanks.

    I can confirm the evil tool is still working to connect as I have been using it all day trying to get root.

    Arrexel

  • edited March 2020

    Mouse51180 said:

    I can confirm the evil tool is still working to connect as I have been using it all day trying to get root.

    Thanks for letting me know, maybe it has to do with me switching servers earlier in the day.

    EDIT:
    Haha, wow. Note to self. Take better notes and thoroughly read the help blurb for tools. Was using -ip flag for the ip instead of -i. YEEEESH! Anywho, crisis averted.

  • @Mouse51180 said:

    @glezo1 said:

    Hummm I'm completely stuck here...
    I think I shall upload a payloaded d-- and compromise the d--c-d program, but, no matter how I generate the payloaded d-- with m--v---m, the AV keeps detecting it.
    Any word of advice by PM, pleeease?

    I think I'm in the same boat as you. Can't seem to get my privilege escalation to work. How do you know it's the AV that keeps detecting you? Is there something you are checking or see that states the AV picked it up?

    Hey!
    My d-- files keep being deleted.. so.. there's a really funny user, or, more likely, the AV is catching the payloaded d--, no matter what I try.

  • edited March 2020

    Rooted! :smiley: Hoorray!!!

    C:\Users\Administrator\Desktop > getuid
    Server username: NT AUTHORITY\SYSTEM
    C:\Users\Administrator\Desktop > dir
    100444/r--r--r-- 32 fil 2019-12-03 16:31:54 +0100 root.txt

  • edited March 2020

    Wow! Finally rooted!! :smiley:

    The user.txt has been challenging because I didn't enumerate enough initially ;-)
    The root part has been super easy once found the right m***s****t module!

    By the way, I also tried the D** Inj******* method but had troubles with the AV; I'd be really interested if someone could please explain how to bypass it...

  • Root Owned!
    Thanks to @EvilT0r13 for helping me at the last parts. Got a new tool in my arsenal to use now.

    Arrexel

  • When I run the d*md command it does not contact my smbserver. I do not know why, but I am stuck here. I have everything to get root but can't get my D to resolute. Any help would be very much appreciated.

  • Hey all!!
    I can't get my privilege escalation to work and I don't know why. I did:
    d** i******n through d****d, payload generated with m*****m. Everything seems to be working normally but it just doesn't give the m****** user the access :neutral: . Any help please??

  • Rooted it now. I tried the same technique for privesc several times and it didn't work at first but after the 7th or 8th time it worked out. Does anybody know why?

  • I have access to the machine with the user m.... and read on some post here they needed to search on C:\ but I don't know what to look for.. Can you give me some tips

  • I got the same issue @DeadFish could you pm me when you find the solution ? or any could nudge me please

    guanicoe
