Official Omni Discussion

1457910

Comments

  • Rooted
    First time i got insane with the flags huh...
    feel free to pm me for nudges

  • Can some one can give me a nudge how i can dump hashes after getting admin shell. i have tried mimikatz it doesn't worked. Any help?

    Hack The Box
    If i helped you and tried to explained you! just give me a respect. click on the img to get my profile link.!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • @parteeksingh said:

    Can some one can give me a nudge how i can dump hashes after getting admin shell. i have tried mimikatz it doesn't worked. Any help?

    When you say dump hashes, do you mean the password hashes for the administrator?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • This is a fun box - managed to get root before user though, largely because I overlooked something very obvious.

    This box is a good example of enumeration and simple processes being the key to every step.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake i was trying to dump password hash as this is a fun box with Win based. Just playing with this box like without any password dumping tool working still we can dump hashes. Just for learning if these types of situations arrive in real world so i would know what i have to do. I know i have the admin pass i can convert that pass to NTLM hASh. just learning different ways.

    The box is quite good enumeration is the key it took me 4 hours to find my foothold. After that it's like a piece of cake. :)

    Hack The Box
    If i helped you and tried to explained you! just give me a respect. click on the img to get my profile link.!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • For the people struggling to get foothold here is a quick reference. Every thing is on the forum. I will just brief about this box.

    Enumeration is the key look for every piece of information . look closely to nmap scan it might help to find what is running in this machine

    once you get what is running Google is your best friend. Don't look or overthink as i missed and overthink here. Everything is in front of us nee to just think in that way.

    once you get what is required and get shell . There is something more just a normal enumeration in the box and maybe some switches can help here.

    user and administrator is piece of cake once you get your required thing after getting shell.

    @egre55 Thanks for this awesome and fun box.

    If i spoiled something feel free to remove this .. :smile:

    Hack The Box
    If i helped you and tried to explained you! just give me a respect. click on the img to get my profile link.!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • @parteeksingh said:

    @TazWake i was trying to dump password hash as this is a fun box with Win based. Just playing with this box like without any password dumping tool working still we can dump hashes. Just for learning if these types of situations arrive in real world so i would know what i have to do. I know i have the admin pass i can convert that pass to NTLM hASh. just learning different ways.

    Awesome - good idea.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • This was a really nice box, learned some cool PS things in the proccess. Thanks for this @egre55 :smiley:

  • Can someone drop a note with some nudge, already got a reverse shell but expending many hours looking around files/directories but finding are not working to get root :neutral:

  • @sk1pf said:

    Can someone drop a note with some nudge, already got a reverse shell but expending many hours looking around files/directories but finding are not working to get root :neutral:

    If you have a reverse shell which got you the user flag, then you do a very similar thing to get root.

    If you haven't got user yet, you need to enumerate quite hard on this box. There are good techniques for searching for what you need and it helps a lot if you have a powershell shell.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Rooted! Went down a rabbit hole after getting initial foothold which cost me a day of wasted effort, but woke up this morning and remembered to go back to basics, and then it all fell into place. Got a bit hung up looking trying to shift user identities, until I realised I didn't need to to get user. Once you get user, root is like 3 mins more work.

    My advice - don't get ahead of yourself thinking you've got it in the bag once you get the initial exploit - you still need actual user creds to get the flags.

  • Type your comment> @TazWake said:

    @sk1pf said:

    Can someone drop a note with some nudge, already got a reverse shell but expending many hours looking around files/directories but finding are not working to get root :neutral:

    If you have a reverse shell which got you the user flag, then you do a very similar thing to get root.

    If you haven't got user yet, you need to enumerate quite hard on this box. There are good techniques for searching for what you need and it helps a lot if you have a powershell shell.

    Thanks TazWake, already rooted this machine, lot of enumeration :smile:

  • Nice Box, after spend time to understand the environment it is quite simple, but not too much, some interesting things i learned. thanks to @egre55

  • Rooted! That was a fun box and I learned a lot doing it. It was interesting being that root was the exact same as user. If you get one, you have the other too.
    The hardest part was the 'hashes'. If you're struggling with that, read the file more and read up on the class you see.

    kneedeep

    Reality is often disappointing.

  • Took some time off this box after getting stuck on a reverse shell part. Found my reverse shell issue was just an issue involving slashes (so mad I had the right way about it but just making a stupid mistake wasted hours and caused me to try alternate routes). After that it is pretty simple.

  • edited September 6

    Running the script, I'm able to view the host file, run basic commands, ping myself, download files from my hosted web server, but not able to write to a file or execute scripts directly from memory. I'm using PS for commands on the box, as CMD output was unreliable. I'm searching for a writable directory to save my shell binary but am not finding anything. I've tried diff variations of temp directories, but not seeing any indications from script output that files are saving. Any nudges on writable directories or course correction to gain initial shell?

    Hack The Box

  • Totally lost after getting initial shell, can't find this file I'm supposed to, anyone able to provide a hint via DM?

  • @beauchompers said:

    Totally lost after getting initial shell, can't find this file I'm supposed to, anyone able to provide a hint via DM?

    Powershell has useful ways to search for things. Often using that can help.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Rooted!!!
    ping me for any hints and tips

    Scorpion4347

  • I understand I am a little out of practice, but what I'm missing in here is beyond the rustiness I could have. Could someone ping me and assist with nudges? I have a remote shell and certain files. I can't import certain xml file to then try and retrieve the creds as it errors out.

    Hack The Box
    CISSP | eJPT

  • @grav3m1ndbyte said:

    I understand I am a little out of practice, but what I'm missing in here is beyond the rustiness I could have. Could someone ping me and assist with nudges? I have a remote shell and certain files. I can't import certain xml file to then try and retrieve the creds as it errors out.

    Happy to help if I can but I dont know what XML file you are trying to import.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Thank you @TazWake

    I’ll DM you shortly and explain where I’m at. I’m probably more frustrated than what I should.

    Hack The Box
    CISSP | eJPT

  • I am having troubles with the last part too, I got into the machine, and I am having troubles to find the right file or maybe I have seen it but I dunno how to use it :dizzy:

  • ROOTED!! Wow, that was definitively a nice ride and a different kind of machine. Thanks to @TazWake for the nudge and congrats to @egre55 for another great box!

    Hack The Box
    CISSP | eJPT

  • edited September 8

    Some help over here !! ... this OS is very peculiar I have the shell but I´m not be able to see any User on Users folder also y tried something like SystemInfo with my terminal and it does not exist. I tried in the userprofile folder and it doesn´t have anything !!! currently I have the shell but without any User :S ...

    currently I have access to both user moving to other part of the disk !! the last part comes with Cryto.. right ?

  • @H4FN said:
    > currently I have access to both user moving to other part of the disk !! the last part comes with Cryto.. right ?

    Not really. But the content you thought as Crypto has a hint for what algorithm is used behind to encrypt.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Type your comment> @gunroot said:

    @H4FN said:

    currently I have access to both user moving to other part of the disk !! the last part comes with Cryto.. right ?

    Not really. But the content you thought as Crypto has a hint for what algorithm is used behind to encrypt.

    I´m woking on it ! but it looks that I have an error importing it.

  • edited September 8

    I´m stuck even after login with user and password when I try to import the flags I have this error Error occurred during a cryptographic operation. and before I had this message Access to the path '***********' is denied.
    I did all my research and look that I must import but I have those errors :(

    am I missing something else or cryptographic operation is not working properly ?

  • @H4FN said:

    am I missing something else or cryptographic operation is not working properly ?

    The account matters.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • I am able to write Powershell files, execute the Powershell scripts written, but I am failing to execute any of the usual PS reverse shells I've used in the past. Could someone PM me with some help. Thanks.

    Arrexel
    eJPT

Sign In to comment.