Official Love Discussion

Comments

  • Nice box! Learned a few things and got a lot better at using different tools.

    Foothold

    Do not get stuck in the rabbit hole that I did on the web piece. Return to your nmap scan and keep things simple. Make a simple config tweak and observe the new avenue you have opened! From here, enumerate until you find a way in. Found a new piece of functionality that you do not know how to leverage? Maybe it can be used differently from how you're thinking about it.

    User

    Fairly simple once you find a way in. Basic reverse shell work.

    System

    Far easier than user. My difficulty was in achieving a stable shell and finding a good way to read the output of the tool I used. This tool is extremely commonplace for Windows privilege escalation; you will know what it is. Simply read the output carefully and Google for an article that demonstrates how to use the exploit; it is very straightforward and takes little time at all to execute.

    Please feel free to DM me for hints!

  • The administrator is much easier than the user, even without any tools.

    I got some hints on the user, and I'd like to know why: what in the scan tells you what you should do for the initial foothold? Can anyone explain? (DM please, to avoid any spoilers)

  • Rooted, I really enjoyed this Easy box.

    For foothold, if you know of this type of vulnerability you may have an easier time; if not, it's a good learning opportunity and an opportunity to test creativeness. Shout out to Pentesterlab.com for the assist ;)

  • Rooted

    I have a question: why can't I use MySQL? Is there a syntax to check the DB? Thanks if someone wants to help me.

  • @NFire0111111 said:

    Rooted

    I have a question: why can't I use MySQL? Is there a syntax to check the DB? Thanks if someone wants to help me.

    It depends what you mean about using MySQL. Was it running on this box?

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Hey, I'm a bit stuck, can somebody PM me?

  • Rooted!
    Very cool machine to do, but I had some problems on w...s.... and needed to restart the machine a few times.
    User: you need to enumerate and keep an eye on what the ports you find return.
    Root: there are several ways to escalate. I found user more difficult than root.

    If anyone needs help, give me a nudge by PM.

    RecifePoxa!

  • Rooted successfully, Easy box
    Enumeration is key.
    DM for nudges

  • could someone give foothold?

  • got user and root. Strange machine lol :)

  • I am not getting the meterpreter reverse shell... it always dies. Can anyone tell me why? Without it I am unable to run local exploit suggester.

  • Hi everyone,

    I have a question regarding PE. It's the second time (different boxes) I upload winpeas on the target, but "nothing happens" when I run it. I mean not exactly nothing, but my shell becomes unresponsive and I have to ctrl+c...
    Do you have any idea why?! On the last box I tried with different versions (winPEASx86, winPEASx64, and winPEASany.exe).

    Thank you and happy hacking!

  • Having trouble on foothold; if anyone has the time, a DM would be amazing.

  • Help please,
    I found the user's flag on the Desktop directory, but when submitting it, there is an error of incorrect flag.. seems weird.

  • Question, when I locate where I need to go from Nmap, the server seems down? Any Help Would Be Appreciated

  • Very entertaining machine and good introduction to privilege escalation in Windows! Congrats @pwnmeow !

  • edited July 9

    Finally Rooted!!!!

    It was a nice box overall.

    For User: I think I had an unintended approach. All I can say is avoid rabbit holes and you can get to the user in no time. Google is your friend. :smile: I used a P***** script I found online. I think there might be another way as well.

    For Root: This was a nice part :blush: (and most painful too :disappointed:)
    Study the output of WinPEAS carefully. It was my first Windows box and hints posted on this forum helped me a lot for privesc.

    Honestly, I found this easier than knife but tougher than cap.

    I have been doing HTB for a few days now and I feel HTB is really improving my skills. :smiley:

  • I've been working on this a couple of days and I feel like I'm stuck somewhere between foothold and user. I've found the dev service and have been feeding it URLs. I'm getting some info back but I haven't found anything that I've been able to leverage.

    would appreciate any tips. thank you.

  • I'm at a total loss for the foothold... I've tried all ports but can't get anything back from the browser. A nudge would be very much appreciated :)

  • This is my first time doing a good Windows box all the way through and it definitely helped me understand Windows pentesting methodology better. I also highly recommend https://book.hacktricks.xyz/ if you're new like me.

  • edited July 11

    Anyone having issues logging in with the creds? I've tried it on all 3 login pages, but it keeps coming up with incorrect password.

    EDIT: nvm works now...

  • Hello does anybody have issues validating the hashes on this machine?

    I have both hashes of love user and admin but none is accepted

    C:\Users\Phoebe\Desktop>type user.txt
    type user.txt
    d4c32c4f8b3c130< the rest is removed>

    C:\users\Administrator\Desktop>type root.txt
    type root.txt
    ad386382580a1< the rest is removed>

  • Hello guys, after enumeration I got a web page that required admin login. I got the username and login for admin and the password too, but I have no success logging into the website/server because it's saying incorrect password. Is there any other way out?

  • Finally rooted.

    I spent way longer on foothold, right in front of the entry point, just because I ignored some findings of my nmap scan. As others have said, the solution is right in front of you after you do the nmap scan. There are actually two important results in nmap which are easy to overlook.

    I found the privesc path after a few minutes, but due to a typo my command did not execute correctly.... After a few days I have learned how to write quiet correctly X-D

  • edited July 15

    @xenacod said:
    Hello guys, after enumeration I got a web page that required admin login. I got the username and login for admin and the password too, but I have no success logging into the website/server because it's saying incorrect password. Is there any other way out?

    Site enumeration is key.

  • @jvlavl said:

    Hello does anybody have issues validating the hashes on this machine?

    I have both hashes of love user and admin but none is accepted

    C:\Users\Phoebe\Desktop>type user.txt
    type user.txt
    d4c32c4f8b3c130< the rest is removed>

    C:\users\Administrator\Desktop>type root.txt
    type root.txt
    ad386382580a1< the rest is removed>

    Hashes are dynamic, which means they change every time the box reboots and are different between VPN connections. They have a short lifespan on most boxes.

    However, it also means that sometimes the hashes aren't properly initialised during the boot cycle. This is getting rarer now but still seems to happen.

    Also, if there is a reset request between you getting the hash and submitting the hash, then your hashes are no longer valid. Really, they need to be used quickly.

    For anyone facing this problem you have very few choices:

    • reset the box, re-pwn it and get the new hashes, submit them. If they aren't new hashes or if they get rejected as well you need to go to the other option.
    • raise a ticket with HTB support. They will want to double-check your exploitation so may ask you to explain exactly how you compromised the box. This is simply to check that people aren't just "trying hashes they found online". Once you have convinced them your hashes are legitimate and the box is broken, they can fix it. You may need to repwn once they've fixed it.
    • Wait. Hopefully in a few days/weeks, someone else will report it and the box will get fixed. Repwn it, get new hashes, submit flags, get points.

    There isn't really a lot else. Some people reset the box a lot but that makes the problem worse.

    TazWake

  • @xenacod said:

    Hello guys, after enumeration I got a web page that required admin login. I got the username and login for admin and the password too, but I have no success logging into the website/server because it's saying incorrect password. Is there any other way out?

    Check for typos.

    TazWake

  • Can I get some help?

    I got to the rce part, however multiple different shells all return errors and meterpreter tells me they are "Invalid".
    Is there an extra step to do before they execute properly?

  • @RandomPerson00 said:

    Can I get some help?

    I got to the rce part,

    Just to check, is this for user or root?

    however multiple different shells all return errors and meterpreter tells me they are "Invalid".
    Is there an extra step to do before they execute properly?

    If this is for root, double-check the architecture and format you use to create the .*** you want to upload. Although I don't think it is necessary here, I tend to use -e and some options just to be on the safe side.

    If you build the .*** correctly, it should work.

    TazWake

  • Anyone having issues with the revshell? It's connecting back but doesn't complete the shell. Am I missing something?
