Multimaster

12467

Comments

  • for root: order french fries and use the bar code, it works!

    peek

  • edited April 2020

    Finally got user - only because of some nudges from @MariaB and @metuldann !

    This is an insane box.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited April 2020

    removed

  • Rooted. User part was difficult than root part. But root part was long

    Hints:
    Foothold: Abuse *pi functionality with well-known OWASP attack and bypass WAF
    User1: Enumerate with what you have in order to get what you need
    User2: look who you are and which processes are running
    User3: Reverse it
    User4: Standard AD Attack with imp*****
    Root: Standard windows privilege escalation

  • Type your comment> @gurbanli said:

    Rooted. User part was difficult than root part. But root part was long

    Hints:
    Foothold: Abuse *pi functionality with well-known OWASP attack and bypass WAF
    User1: Enumerate with what you have in order to get what you need
    User2: look who you are and which processes are running
    User3: Reverse it
    User4: Standard AD Attack with imp*****
    Root: Standard windows privilege escalation

    Oh god.. Im so stupid, I had user3 all along.

  • Well, what a machine. Full 2 days for User!!!!. @TazWake thank you for timely and accurate nudge there. Cant imagine how hard would root go...

  • @nav1n said:

    Well, what a machine. Full 2 days for User!!!!. @TazWake thank you for timely and accurate nudge there. Cant imagine how hard would root go...

    It's a genuine pleasure to have been able to help you - I've learned a lot from your posts.

    In the end, I decided I needed a break before root :smile: I ran out of steam completely!

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • User flag was fun. Finding the right comb took some time tho.

    I'm now stuck, I think I know where I need to go, D**********, but I don't know how to get there. I could use a nudge, I suck at Windows. :(

  • rooted, very good to learn active directory, powershell and a bit of python

    peek

  • Got root. I really need to work on my scripting.

    Thanks to @peek for the nudge!

  • Type your comment

  • Finally Rooted.

    It is an INSANE machine. You will need to jump many hoops before you can even think of getting either of the USER or ROOT.

    Patience is the key with this box. You'll be able to enumerate without much issues but boy oh boy you need a fuck-ton of patience.

    Hit me up if you need help.

    DISCORD: jtnydv#5773

  • edited April 2020

    Can someone please DM me some hints/articles to read how to bypass the WAF.

  • Finally got User. Had to go do a bunch of other boxes and come back a month later but I'm glad I did. This is easily the hardest user flag I've done so far

    Anuragd

  • edited April 2020

    Got user. What a journey. Many thanks to @velocicat and @lesleybw for helpful articles.
    Root now.

    Edit: Rooted. That was awesome box. Many thanks to @MinatoTW and @egre55 for such a enjoyable and painful journey. I learnt a lot. Thanks @zeeshansahi for the nudges.

  • Hi
    got 4 hashes but stuck at cracking them. Any hint on them?

  • Spoiler Removed


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • edited April 2020

    I am completely lost getting from user1 to user2. I think I found an exploit using the c******g tool but thats become a no go because its raising an av alert. Can anyone help with a nudge?

    EDIT: FInally rooted. Painful but educational box. Thanks @MinatoTW and @egre55 for a great experience

    Anuragd

  • Finally rooted! Thanks @egre55 & @MinatoTW for such a nice box.

    Long journey to root but effort is really rewarding. For nudge please DM.

    And thanks @MariaB for sharing article on user enumeration.

  • After 3 days of struggling @0F0Bh and I finally managed to root this one.

    Hats off to the creators!

    Thanks to @MariaB for some sanity checks along the way :smile:

    User: Don't let that WAF scare you too much.
    Way to root: What are other people doing on the machine?

    Hack The Box

    CEH | OSCP

  • Hardest box I've ever rooted took a full week and a lot of help. Thanks to @MariaB, @metuldann, @zeeshansahi, and @nasri136TH - you guys are great! @gurbanli advice above was memorized over the past few days getting through this - great overall guide. Lots of enum and users to get before the easier ending. Just enum everything new with each new user remember preauth isn't ineradicable.

  • RooTed ... need hints ?? ping me on discord icoNic#0097

    Arrexel

  • edited April 2020

    RooTed ... need hints ?? ping me on discord icoNic#0097

    Arrexel

  • WTF

    this box was really greate > @gurbanli said:

    Rooted. User part was difficult than root part. But root part was long

    Hints:
    Foothold: Abuse *pi functionality with well-known OWASP attack and bypass WAF
    User1: Enumerate with what you have in order to get what you need
    User2: look who you are and which processes are running
    User3: Reverse it
    User4: Standard AD Attack with imp*****
    Root: Standard windows privilege escalation

    this were all the hints that I needed I just want to add the initial foothold. You will need to write some scripts.

    Thx I learned a lot!

    PS: when you own this box you got the name

  • Managed to get user. Now stuck on lateral movement, any hints would be appreciated for this stage.

    alt text

  • edited April 2020
    If anyone managed to bypass AMSI on the machine, please let me know how you did that :)

    (this is not related to the solution of the machine.. I’m just generally curious if anyone found a way!)

    Kind regards

    edit: got an answer for the bypass.. thank you all :)
  • Root dance yesterday! What a journey! This has been the longest path to root ever! I learned a ton of stuff and rooting this beast was not easy... So my hints and thanks are:

    • foothold: find a way to bypass the WAF
    • crack those hashes (thanks @Chr0x6eOs and @idomino for reminding me that yes, they are crackable, under 5 sec BTW)
    • user 1: enumerate the AD. Thank you @APD1970 for sharing that article!
    • user 1 to user 2: Thanks @phate890 and @nasri136TH for the nudges and @PwnAddict for sharing that article. This was new to me and I overcomplicated stuff a lot. A week break helped me to see this through. I used some of that pizza and I finally got it :)
    • user 2 to user 3: Enumerate. To which folder you have access now? Anything that sticks out (filename and date)?
    • user 3 to user 4: Send the dog out and google as handy scripts will be blocked
    • user 4 to root: typical

    So a big thanks to the creators!

  • Finally rooted after a week!
    First two steps were really insane but also a great learning opportunity.

    Thanks to creator for such a great box @egre55 and @MinatoTW
    Also thanks to @zime and @Skunkfoot for the nudges.

  • edited April 2020
    Pm me if anyone needs help on this
  • Hi guys so the last 2 days all I have done is read about wafs and how they work.
    I can see 17 users to start with. I have also run a bypass using a ww tool but I am not getting anywhere.
    @MariaB I would appreciate if you can share the article with me as learning is more important than actually getting any flags for me.
    Any hints or articles will be taken with open arms.

Sign In to comment.