Remote

1242527293035

Comments

  • edited May 2020

    Thanks for the tip @0xFFensvDfndr ! I used it to get the root txt but unsure how to actually get a session as Admin, do you mind PM'ing me how you went about this?

    Edit: Cancel that, I spoke too soon. It seems like the command param that I use just doesn't seem to work, tried every possible syntax. Could it be the newer version of this 'Mushroom'?. Further tests and I'm pretty sure the Mushroom isn't working. Can you PM me to help me trouble shoot?

  • My user.txt and root.txt seems to be invalid. Anyone else faced the same issue submitting the flags?

  • @kryptonbot1986 said:

    My user.txt and root.txt seems to be invalid. Anyone else faced the same issue submitting the flags?

    its been mentioned a few times in this thread.

    You should have submitted the user flag as soon as you got as the flag changes every time the box is rebooted.

    If you are getting the flags from a clean reboot and they aren't working - you can try the tips mentioned elsewhere or report it to HTB via Jira.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited May 2020

    Hello,

    I found U******o, then I realize the mount part but after enum so hard, I swear I've open all possible files, can´t get any file of interest wich help me to the CVE.

    Some nudge?

  • Type your comment> @89jase said:

    Thanks for the tip @0xFFensvDfndr ! I used it to get the root txt but unsure how to actually get a session as Admin, do you mind PM'ing me how you went about this?

    Edit: Cancel that, I spoke too soon. It seems like the command param that I use just doesn't seem to work, tried every possible syntax. Could it be the newer version of this 'Mushroom'?. Further tests and I'm pretty sure the Mushroom isn't working. Can you PM me to help me trouble shoot?

    Let us know how that goes please. Paddling down the same creek here.

    Hack The Box

  • Rooted. Good machine, really helped me with learning more about Windows enum. Used the u****c method. Stuck for a long time just fixing bad syntax, but in the end the method I used wasn't overly complicated.

  • Type your comment> @yannizZz said:

    Type your comment> @DanielNull said:

    Hey,
    I am not looking for any hint at all, (tired of this) I am asking the people who are more familiar with Windows pen-testing.
    Is there any book/course that I can learn about the Windows environment and its services? Or experience is the key here?
    Thanks 🙏
    Highly appreciated.

    thumbs up
    I'd love something like that as well

    https://www.amazon.com/Windows-Internals-Part-architecture-management-ebook/dp/B0711FDMRR/ref=sr_1_1?crid=XQT77A8GHKHP&dchild=1&keywords=windows+internals&qid=1588406434&s=books&sprefix=windows+,stripbooks-intl-ship,337&sr=1-1

  • Did they ever release part 2 of that? I got part 1 back in 2017 but just had a look on amazon and it says part 2 was released in April this year but it also says it hasn't been released yet :s

    Also I will say that these books are very in depth and not really for beginners. I also don't know if they'd be that much use for general pentesting stuff really. They're mostly all about how the OS works at the kernel level, so if you're going to be specialising in discovering exploits in that area then definitely grab a copy, but lets face it most of us are not doing that.

  • edited May 2020

    Hey folks, I started this machine today. I got the user after a couple of hours. I am stucked rooting it.

    I have the low priv shell but when I execute any ps batch file or command I get no text prompt, it just stays empty(no error) or just crash the shell. So I can upload things but not execute them so it is kind of weird: the shell is useless!

    I would appreciate any hint or just to know if anyone is having this issue...

    Update*****

    Rooted at last !

  • @VbScrub said:

    Did they ever release part 2 of that? I got part 1 back in 2017 but just had a look on amazon and it says part 2 was released in April this year but it also says it hasn't been released yet :s

    I've been wondering about this. I have (had?) it on pre-order and while the website says released 23 April, it also says out of stock and I certainly don't have my copy yet (nor any emails from Amazon but I assume they are fairly messed up right now).

    (and, as well as discovering exploits, it's a pretty damn good set of books if you need to do forensics on Windows machines).

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Hint decrypting hashes!
    I've found the strange dangerous file and some hashed creds.
    Having no joy getting anything from these...

  • @bobthebadger said:

    Hint decrypting hashes!
    I've found the strange dangerous file and some hashed creds.
    Having no joy getting anything from these...

    All the ones I found on this box should crack.

    If this is working towards user, and its from a the U******.*** file then you need to be careful which characters you extract but you do get confirmation on the format.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I like that box, I didn't solve it by T***V**** ,although I got it's ID and Pass but didn't figure how to continue that way .. So please If any one can PM for that path will be very appreciated .. Thanks for the creator .. I can say that box is one of real cases outside really.

    Drxxx
    I wouldn't mind some +respect if I helped you ;)

  • I got the following error after running the script from github ( Already obtain the user and pass)

    VIEWSTATE ... TypeError: 'NoneType' object has no attribute 'getitem'

    tried syncing the clock but couldnt get the script. Any hints?

  • [SC] StartService FAILED 1053 . Any dude have this question?

  • Well that's it....I will be cancelling my paid subscription as this is now the second box in a row that is so dog slow you can't even access it.....can't even access the web page (server took too long to respond).

  • Type your comment> @WarrenVos said:

    Well that's it....I will be cancelling my paid subscription as this is now the second box in a row that is so dog slow you can't even access it.....can't even access the web page (server took too long to respond).

    Make sure you have no disruptions in your vpn connection. usually when i notice slowness or stuff timing out, my ovpn log shows some issues.

  • Type your comment> @Ninkasi said:

    So for anyone who had the clock skew issue, or the error I'm getting below and managed to go on to get user/root... please help!

    I've corrected the clock skew so I am perfectly in-sync with the target:

    Host script results:
    |clock-skew: 0s
    | smb2-time:
    | date: 2020-04-06T20:07:26
    | start_date: N/A

    But unfortunately still getting this error when I run the script...

    Traceback (most recent call last):
    File "1.py", line 53, in
    VIEWSTATE = soup.find(id="VIEWSTATE")['value']
    TypeError: 'NoneType' object has no attribute '__getitem'

    Thanks,

    HEllo, How did you solve this?

  • edited May 2020

    Stuck on root......anybody willing to give a nidge? The unintended way doesn't work (error 1503.....and I can't find any esploits/priv esc etc related to the TV :-(

    EDIT:

    After struggling with the box and it dying all the time I finally rooted it

  • Type your comment> @WarrenVos said:

    Stuck on root......anybody willing to give a nidge? The unintended way doesn't work (error 1503.....and I can't find any esploits/priv esc etc related to the TV :-(

    u***vc service was solved , so you involves attempting other way to root

  • Hey I need a little nudge with root. I've gotten the passwords but I can't seem to use it. Can anyone guide me? Thank you

  • Type your comment> @ShiRake said:

    Hey I need a little nudge with root. I've gotten the passwords but I can't seem to use it. Can anyone guide me? Thank you

    Sent you a message

  • Type your comment> @VbScrub said:

    Did they ever release part 2 of that? I got part 1 back in 2017 but just had a look on amazon and it says part 2 was released in April this year but it also says it hasn't been released yet :s

    Also I will say that these books are very in depth and not really for beginners. I also don't know if they'd be that much use for general pentesting stuff really. They're mostly all about how the OS works at the kernel level, so if you're going to be specialising in discovering exploits in that area then definitely grab a copy, but lets face it most of us are not doing that.

    @VbScrub i have slightly old paperback version, I agree that its a very detailed book and may be little too deep just for pentesting but if someone wants to invest time on understanding the windows internal/fundamentals then its really good and will be helpful in pentest and even forensics as well.

  • how to get root
    someone can give me tips?

  • Type your comment> @JKLOVE said:

    how to get root
    someone can give me tips?

    Don't ask so general, you won't (and should not) get answer.

    Instead ask concrete and prove that you have been working the box out.

    We spend many hours and effort on each box so please be respectful.

  • @JKLOVE said:

    how to get root
    someone can give me tips?

    Exploit something vulnerable that is on the box.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Finally rooted :smile:
    Root shell kept dropping out, seemed like I was having to race to get what I needed.
    Guess this is down to others running the same exploit on the box?

    Took longer than expected as tried to go down the telly-box route.
    In the end a bigger boat helped me out....

  • Type your comment> @TazWake said:

    @JKLOVE said:

    how to get root
    someone can give me tips?

    Exploit something vulnerable that is on the box.

    I like your style.

  • Stuck on root using the U****c method, changed what I need to but not getting any output from it. Anyone who could DM me to check I'm on the right track? Cheers

  • Hi everyone, I got root with U***c method but i am wondering about TV method. I used some meterpreter functions but i couldn't success. Could anyone dm me about this method Regards

Sign In to comment.