Active any hints

@Parttimesecguy said:
I’ve managed to grab a username and password from a certain XML file, but I’ve not been able to use it successfully, any nudges?

Do some research about the file / fields it has. Google is pretty straightforward at giving info for it.

@Enigma00 said:

@Parttimesecguy said:
I’ve managed to grab a username and password from a certain XML file, but I’ve not been able to use it successfully, any nudges?

Do some research about the file / fields it has. Google is pretty straightforward at giving info for it.

yeah, I was on the right track, with the right tool, using the wrong parameter. Todays lesson is try with all the things you know, one of them may work

hi i had found many services run on the box i focus on the S** service but i can M***t nothing must i have any creds for that

@raouf09 said:
hi i had found many services run on the box i focus on the S** service but i can M***t nothing must i have any creds for that

There may be one or two folders can go in anonymously and may be crucial in getting the user flag.

Hi Guys, I already got user.txt. But as of now struggling to get root.txt. Any kind soul willing to guide me if you know how, please DM me? or we can share notes and help each other. Thank you.

This was a fun box, and it is extremely relevant to real world pentesting. The attack to get system privs is well documented if you know what to look for.

edit:

Jesus so many PMs lol.Hint: Stop using MS 14-068. Its a waste of time and not needed. This attack is well documented. This type of Windows server is only running so many services that are attackable. Enumeration is the - to system privs. :wink:

I have been able to grab user flag by a certain mount but how do I use this to get a shell?

@wilsonnkwan said:
Hi Guys, I already got user.txt. But as of now struggling to get root.txt. Any kind soul willing to guide me if you know how, please DM me? or we can share notes and help each other. Thank you.

Frey gave a pretty good hint just a few post up as to privX

@mochan said:
I have been able to grab user flag by a certain mount but how do I use this to get a shell?

maybe you don’t have to?

@Rantrel, I know what is he talking about but I am not sure how to get a PS to do that attack.

I’m struggling with this one. I don’t know enough about s** etc. Been trying to m**** but not getting anywhere with that. Tried a few things from the PenTest cheat sheet and even bought a Red Team Field Manual book to further my knowledge but I think I’m missing something.

User is easy, but not trivial for someone who has no initial knowledge about the exposed services. Root however… probably relatively easy too, I’m convinced it has to do with k*****os but everything I’m finding regarding this service requires code execution on that machine. Derp.

i got user.txt but stuck on root.txt

Can I PM anyone regarding PrivEsc?

@nscur0 said:
User is easy, but not trivial for someone who has no initial knowledge about the exposed services. Root however… probably relatively easy too, I’m convinced it has to do with k*****os but everything I’m finding regarding this service requires code execution on that machine. Derp.

I am stuck at the exact same step and I also have the same view.

Got user, tried getting shell with w*****c and p****c but no luck. Still trying to figure out a way to pop a remote shell so I can access what I need to elevate

I am having issues with finding a certain ID to use a certain technique to get root.txt. Any tips on that?

everyone forget it, they patched ms14_068 does not work anymore link: Login :: Hack The Box :: Penetration Testing Labs

If you used MS14-068, you are missing about 99.9% of this machine’s purpose.
So i urge you to give it another shot!
This is supposed to act as a stepping stone for Endgames and Pro Labs with Active Directory.

@rek2 said:
everyone forget it, they patched ms14_068 does not work anymore link: Login :: Hack The Box :: Penetration Testing Labs

AH RIP