Starting Point Challenge - psexec.py/privilege escalation

the last step of the Starting Point challenge has got me.. Not sure how to proceed.

So I am fully connected as administrator, right...

I navigate to the admin desktop where root.txt is... I try to download it, but I get the following:

C:\Users\Administrator\Desktop>get root.txt
[*] Downloading ADMIN$\root.txt
[-] SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)

No idea what that means..

I tried various things such as moving the file to another user or share, but nothing has worked thus far. I'm confused as to what I'm supposed to do..

Comments

  • I don't want to give you the answer. So here's a hint.

    get command is not the right approach. This is because you cannot recursively leave the ADMIN$.

    Think of other ways to get the contents of root.txt

    TheBrick

  • edited April 2020

    I dont know of any other ways.. I tried to move the file so i could access it via smbclient command from previous steps, when we had to access the backups directory.. but it didn't work, or I'm not doing it correctly.

    I also thought it might be possible to transfer the file to the http.server we had to create, but i couldn't figure that out either.. not even sure if that is possible..

    I think I just thought of something, but no idea if it works yet.. the PowerShell script confused the hell out of me since I'm not well versed in any type of coding....

  • what is the powershell equivelant of 'cat'?

    TheBrick

  • edited April 2020

    Think I got it...

    Had to backtrack a little bit.. went back to the user.txt. I did that type thing, just trying to figure out how to actually read them lol

    **edit.. I thought I would have had to decrypt them, but I guess not

  • Hi can you please tell me how you solved osint money flowz & frankhustler challenge

  • Type your comment> @nitin122 said:

    Hi can you please tell me how you solved osint money flowz & frankhustler challenge

    that's got absolutely nothing to do with this 2 month old thread... and people won't just tell you how to complete challenges

  • Hi guys, what if I want to copy that file to my local machine?
    Any ideas please?

  • Type your comment> @TheBrick said:

    what is the powershell equivelant of 'cat'?

    Awesome hint. Thanks! This got me over the line!

Sign In to comment.