C:\Windows\system32>whoami
whoami
nt authority\system
C:\Windows\system32>cd C:\Users\Administrator\Desktop
cd C:\Users\Administrator\Desktop
C:\Users\Administrator\Desktop>type root.txt
type root.txt
Comments
Rooted, what a great box. Learnt loads on this one so a massive thanks to the creator.
User hint: enumerate the obvious services and you will find some creds to use.
Root hint: This took me ages but look at the key service running on the box (the box name helps here) and the group membership of the user. Then google the service and how it can be configured from the command prompt. Don't give up on first attempt.
Enjoy.
Nugget!
Fun box, had a good time with it.
User: easy, just make sure you enumerate everything you can't see.
I did root both ways, first method: Look at the users and groups they belong to. From there you can leverage yourself.
Second method: easy script, nothing to add.
Hit me up for more nudges.
PM if you need help
I have been looking for hours and can't find any info for 2nd user. Any help/nudge is appreciated.
I'm on 2nd user trying to execute the next step to root and hitting a wall for hours. If anyone can check my syntax or provide nudges offline I'd appreciate it.
EDIT: rooted. Thanks to the author, learned a lot on this box
Finally Rooted..pheww
C:\Windows\system32>hostname && whoami
hostname && whoami
Resolute
nt authority\system
Ajjj! I have remote shell, user got, but don't know how to try privesc
Anyone can PM me on the easy way to getting root? Rooted with the harder way, tried few modules for easy way, still couldn't get it.
Just rooted the box. PM me for nudges.
Awesome box - learned a ton. Thanks @Pin3apple for pointing me in the right direction.
OSCP | OSWP | so much more to learn ...
Rooted
Good box !
Anyone can PM me on the module of m******t used ? Is it : exploit/windows/l****l/d*_s*****************d ?
Thanks
can you guys please nudge me on the privesc ?
rooted, that was such a cool box.
getting root really helped me understand how the technique and attack path works
Is it just me or is anyone else constantly losing connection to this box?
I'm in the last step!!!! don't connect the reverse shell!! aaaaajjj thank you EvilT0r13 but I'm very dumb jajajajjajajajaj
Greetings,
I am stuck with root. I tried the i******t ssr way. dc loads the file when the service is restarted, but I get no reverse shell to my nc. I triple checked everything mentioned here, arch etc. Can someone pm me and take a look at the commands I am using?
EDIT: Well, apparently I am stupid. Got a connection to nc now, but the shell dies instantly. Any nudges on that?
EDIT2: root
rsolutd both ways
I've been able to get user, stuck on getting a reverse-shell on privesc
I even tried running my *ll using run****2.exe to make sure it works and it does! but nothing from the *ns service.
nudges appreciated
Needing some help with the privilege escalation part of the box. I am new to the pen-testing field. I understand the concepts but do not have any experience in the implementation of these concepts. As of now all I have done is a smb server. Any pointers would be greatly appreciated. I have the user.txt, needing help getting the root.txt. I would have PM'd some of you but unfortunately I do not understand the messaging side of htb. So please help.
Got the user flag but been confused on what I should do next. I see the hints from other posts and I think I know what to do but not how to do it. Can anyone give me a resource or website to reference?
Rooted. Thanks @mza7a
HTB{HappyHacking}
@rand0char said:
pm me how you created the *ll file. Maybe I can help
Just got the root flag. PM for any nudges
@rand0char said:
the same as you..tried to load *ll both remotely and on local server. no difference.
Just got root, what a fun box. I thoroughly enjoyed this one, even though I enumerated for a very long time to find 2nd user's information. I went to the wrong places many times. They definitely hid from me.
Happy to assist, just PM!
rooted finally thanks @egre55 for the box.
At the end I got root (thanks to @holsick and @QHx5 for supporting me).
Host: just smb enumeration
root: find user that belongs to DN****min group and escalate by means of dll
If you need some help PM me!
finally rooted. Got heaps of help from you guys. Anyone who wants some hint just PM me.
Rooted! thanks to @QHx5 for support
@jen1025
Tips for root, watch all your options when creating payload - I verified my payloads were working independently on user using a famous "runner" for "libraries" that comes default on windows.