Active any hints

can any of you tell me an idea on how to approach Active? i am in a learning process

Tagged:
«13456717

Comments

  • Box has not been live for very long so just keep enumerating as much as you can.
    https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
    If you need more of a push for user feel free to PM me.

    Rantrel
    ~|OSCP|~

  • Just as an update . Getting user is pretty straightforward. you just have to know where to look and how to look

    root seems more tricky

  • Anybody can give me an idea on how to get root? i barely have any hints as to where to go to get access to administrator . do i have to check another port?

  • The Box, is a windows one compare the name out of it and focus what crucial ports you can use to get Data outside from it.

    Frey

  • @Otichoo said:
    Anybody can give me an idea on how to get root? i barely have any hints as to where to go to get access to administrator . do i have to check another port?

    The name of the user pretty much gives out what you have to do for the privesc part.

    Frey

  • edited July 31

    Spoiler Removed - Arrexel

    Parttimesecguy

  • @Parttimesecguy said:
    I've managed to grab a username and password from a certain XML file, but I've not been able to use it successfully, any nudges?

    Do some research about the file / fields it has. Google is pretty straightforward at giving info for it.

    Hack The Box

  • @Enigma00 said:

    @Parttimesecguy said:
    I've managed to grab a username and password from a certain XML file, but I've not been able to use it successfully, any nudges?

    Do some research about the file / fields it has. Google is pretty straightforward at giving info for it.

    yeah, I was on the right track, with the right tool, using the wrong parameter. Todays lesson is try with all the things you know, one of them may work

    Parttimesecguy

  • hi i had found many services run on the box i focus on the S** service but i can M***t nothing must i have any creds for that

    Raouf09

  • edited July 30

    @raouf09 said:
    hi i had found many services run on the box i focus on the S** service but i can M***t nothing must i have any creds for that

    There may be one or two folders can go in anonymously and may be crucial in getting the user flag.

    wilsonnkwanl

  • Hi Guys, I already got user.txt. But as of now struggling to get root.txt. Any kind soul willing to guide me if you know how, please DM me? or we can share notes and help each other. Thank you.

    wilsonnkwanl

  • edited August 7

    This was a fun box, and it is extremely relevant to real world pentesting. The attack to get system privs is well documented if you know what to look for.

    edit:

    Jesus so many PMs lol.Hint: Stop using MS 14-068. Its a waste of time and not needed. This attack is well documented. This type of Windows server is only running so many services that are attackable. Enumeration is the - to system privs. ;)

  • I have been able to grab user flag by a certain mount but how do I use this to get a shell?

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • @wilsonnkwan said:
    Hi Guys, I already got user.txt. But as of now struggling to get root.txt. Any kind soul willing to guide me if you know how, please DM me? or we can share notes and help each other. Thank you.

    Frey gave a pretty good hint just a few post up as to privX

    Rantrel
    ~|OSCP|~

  • @mochan said:
    I have been able to grab user flag by a certain mount but how do I use this to get a shell?

    maybe you don't have to?

    it2w

  • @Rantrel, I know what is he talking about but I am not sure how to get a PS to do that attack.

    wilsonnkwanl

  • I'm struggling with this one. I don't know enough about s** etc. Been trying to m**** but not getting anywhere with that. Tried a few things from the PenTest cheat sheet and even bought a Red Team Field Manual book to further my knowledge but I think I'm missing something.

    Largoat

  • User is easy, but not trivial for someone who has no initial knowledge about the exposed services. Root however... probably relatively easy too, I'm convinced it has to do with k*****os but everything I'm finding regarding this service requires code execution on that machine. Derp.

    nscur0

  • i got user.txt but stuck on root.txt

    Raouf09

  • Can I PM anyone regarding PrivEsc?

    SymR

  • @nscur0 said:
    User is easy, but not trivial for someone who has no initial knowledge about the exposed services. Root however... probably relatively easy too, I'm convinced it has to do with k*****os but everything I'm finding regarding this service requires code execution on that machine. Derp.

    I am stuck at the exact same step and I also have the same view.

    wilsonnkwanl

  • Got user, tried getting shell with w*****c and p****c but no luck. Still trying to figure out a way to pop a remote shell so I can access what I need to elevate

  • I am having issues with finding a certain ID to use a certain technique to get root.txt. Any tips on that?

  • everyone forget it, they patched ms14_068 does not work anymore link: https://www.hackthebox.eu/home/announcements

    Hack The Box

  • ekseks
    edited July 31

    If you used MS14-068, you are missing about 99.9% of this machine's purpose.
    So i urge you to give it another shot!
    This is supposed to act as a stepping stone for Endgames and Pro Labs with Active Directory.

    Hack The Box

  • @rek2 said:
    everyone forget it, they patched ms14_068 does not work anymore link: https://www.hackthebox.eu/home/announcements

    AH RIP

    Hack The Box

  • I found some credentials, decode it but I can't seem to find the place to use them. Could someone give me a nudge?

    Vex20k

  • tips on priv escation would be appreciated. Thanks alot

  • @Vex20k said:
    I found some credentials, decode it but I can't seem to find the place to use them. Could someone give me a nudge?

    same boat

  • I'm thinking maybe you have to impersonate someone to access root.txt? Or maybe i'm missing something.
Sign In or Register to comment.