Resolute


Comments

  • Hi guys. I need a little help with root.
    Been stuck on this for long hours. Every time I run dnscmd for reverse shell, I get connectionreset.
    Please help!

  • Finally got root. Nice box. Used the d** method. Took a while for me to find that payload but I learned something new.

  • @rand0char said:

    Rooted! thanks to @QHx5 for support

    @jen1025
    Tips for root, watch all your options when creating payload - i verified my payloads were working independently on user using a famous "runner" for "libraries" that comes default on windows.

    Oh thank you I didn't understand why my payload didn't work.
    I didn't know the -i option.
    Finally got root.

    Don't forget respect if I helped you ;-)
    https://www.hackthebox.eu/home/users/profile/268383
    spli619

  • @spli619 said:

    @rand0char said:

    Rooted! thanks to @QHx5 for support

    @jen1025
    Tips for root, watch all your options when creating payload - i verified my payloads were working independently on user using a famous "runner" for "libraries" that comes default on windows.

    Oh thank you I didn't understand why my payload didn't work.
    I didn't know the -i option.
    Finally got root.

    Glad I pointed you in the right direction even if by accident!! The "i" in my post actually belongs to "i verified" not "-i" :smiley:

    If the -i helped I'm assuming you went with the "local" payload route. Would be interested in seeing how you did it and discussing other ways of evasion. PM if that's cool with you.

  • @GSock14 said:
    Hi guys. I need a little help with root.
    Been stuck on this for long hours. Every time I run dnscmd for reverse shell, I get connectionreset.
    Please help!

    Not certain this is the issue... but is your listener capable of handling the type of payload used? PM some more details for a nudge.

  • C:\Windows\system32>whoami
    whoami
    nt authority\system

    Rooted ! :)

  • Hi, I have been stuck on root for a few days. I have tried to elevate using 2 different dll files but think I may be missing some steps in between, as with my current user I'm not able to put the files in the correct locations. Can someone give me a hint? Thanks

  • Root complete. thanks for a fun box!

  • edited April 2020

    Really fun and straightforward box!

    C:\Users\Administrator>whoami
    whoami
    nt authority\system
    
    C:\Users\Administrator>dir Desktop\ 
    dir Desktop\
     Volume in drive C has no label.
     Volume Serial Number is 923F-3611
    
     Directory of C:\Users\Administrator\Desktop
    
    12/04/2019  06:18 AM    <DIR>          .
    12/04/2019  06:18 AM    <DIR>          ..
    12/03/2019  08:32 AM                32 root.txt
                   1 File(s)             32 bytes
                   2 Dir(s)  30,963,376,128 bytes free
    
    C:\Users\Administrator>
    

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • Finally got root!
    My hints for it ( without repeating other people's super useful hints)
    Second user: I was trying to be smart by scripting my enumeration, but forgot to look for EVERYTHING when doing so (what you can see with naked eye and what you cannot).
    Root: when loading the payload remotely, make sure you're in the right place (it seems like pwsh needs to 'see' the content first, before it can load things from a remote location)

    Hope this helps people still struggling with the machine, I enjoy it and learned a LOT from it. Thanks @egre55

  • edited April 2020

    I've gotten root this morning so this is just my mini review and hints for how to root it yourself.

    The box was really fun, I really liked the privilege escalation as it was my first time doing something like this! I honestly wouldn't even consider the box a medium box, an easy box just because of how easy user was, but it all depends on how much you know beforehand.

    Hints:

    User: Don't script or anything, manually enumerate everything. Not only are you gonna learn more this way but also find your way onto root. Once you've found something interesting about a user, see if said interesting thing can apply to other users.
    User 2: Couldn't be simpler, just look around in the filesystem, start at C:\ and continue.
    Root: Reflect on what you can do.

    Thanks for reading! Hope you get root! I believe in ya peeps!
    DM if you're still stuck.

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • Rooted D** way, very nice box.
    What about the m********t module? PM me plz...

  • edited April 2020

    If anyone is awake and out there I could use some assistance on root. Think I have the path I need but haven't been lucky yet.

    I can elaborate more on my methods so far, just PM me please.

    Thanks in advance!!

    Command failed: RPC_S_SERVER_UNAVAILABLE 1722 0x6BA.......still

    JMFL

  • edited April 2020

    Rooted!

    Root part was tricky, big thanks to @EvilT0r13 for support.

    Feel free to PM for a nudge.

  • Rooted, thanks for this machine. :)


  • Finally rooted.
    But tbh, I didn't know what service I could exploit until I read the forum.
    Can someone tell/PM me how he figured this out?
    Thanks :)

    e-nigmaNL

  • got first user.... then p/w for second user..... struggling to get root ...

  • Wow, wasted too much time, thinking there was something wrong with my payload creation...

    C:\Windows\system32>whoami
    whoami
    nt authority\system
    

    Finally !

    hint for root : be quick at the end !

  • @Bokanovitch said:

    Wow, wasted too much time, thinking there was something wrong with my payload creation...

    C:\Windows\system32>whoami
    whoami
    nt authority\system
    

    Finally !

    hint for root : be quick at the end !

    Got it... your last hint is why it didn't work at first for me, then I found the clue that said why to be quick :)

  • Anyone available right now that can help me out? So close to getting root but something is just off... Want to run my process/*** payload/commands, etc by someone and see if the box is messed up or if it's me. Discord is SullyInATX#4126.

  • Finally got Root! Thanks to @guanicoe for nudging me in the right direction.

  • Hey guys, if someone can give me a hand.
    I've tried with ldapsearch but I didn't find the password of the first user. Am I on the right path?

  • Got root but tried to replicate it again and can't seem to repeat it this time, does seem inconsistent.

  • Rooted. Really fun machine that I learned a lot from.

    For that other user, not everything is immediately visible...

    I would really appreciate anyone sharing their enumeration tips as to how the root path was uncovered via PM. A friendly green vegetable didn't reveal that...

  • After 2 days finally rooted that box. Biggest challenge for me was using Powershell with those brain-damaged Get-ChildItem. And finding a way to compile a Windows DLL on Linux. Great box though, very entertaining and real-life feeling. Thanks a lot @egre55

    sparrow1

  • Rooted, onto Cascade! PM for nudges/help. Respect greatly appreciated (and expected, as I give respect to anyone who responds to one of my messages or helps me on Discord - profile link is https://www.hackthebox.eu/home/users/profile/121809).

  • Really cool box. Especially if you're new to Medium level boxes, this would be a comfortable start.

    Hints!

    User: If you've done boxes Active, Sauna and Forest, follow the same methodology and READ EVERYTHING!
    Root: Enumeration is key. Look for not so obvious files then look at who you are on the box.

  • I would appreciate some nudge here, second user ok, I can see this guy is in d*s***** group, so i prepared my d** with **f****m however I cannot take it to the machine, Doesn't seem the AV at all, I tried to upload it with http and smb but nothing, any hint here? thanks!

    Discord f3rn4nEC#1581
    Twitter @f3rn4nEC

  • Or in the other case, which module of m**c****** should I use!

    Discord f3rn4nEC#1581
    Twitter @f3rn4nEC

  • @aldebaransec said:

    I would appreciate some nudge here, second user ok, I can see this guy is in d*s***** group, so i prepared my d** with **f****m however I cannot take it to the machine, Doesn't seem the AV at all, I tried to upload it with http and smb but nothing, any hint here? thanks!

    SMB is your friend here.

    Don't try to upload it and store it on the server, have the service call it.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
