Access

I think ***:21 is the way, but i cant gain acces… When i connect i get refused, can i brute? it may take hours, but i cant find version (only **s is 7.5)

Can anyone give me a hint to continue?

Thanks and sorry, i’m stuck

@tryhardyomismo said:
I think ***:21 is the way, but i cant gain acces… When i connect i get refused, can i brute? it may take hours, but i cant find version (only **s is 7.5)

Can anyone give me a hint to continue?

Thanks and sorry, i’m stuck

you don’t need to bruteforce, look closely your nmap result, otherwise PM me

Can anyone PM me please?

right managed to get user access, looking at the hints, and trying to play with runas, and I’m not getting it to do anything, even if I runas myself. any clues?

Guys any hit of how can read the root.txt (I’m root)

I checked every desktop so I know it has to do with runas, but it outputs nothing every time. Any hints?

Can anyone here PM me??

Hi everyone !

For the Window’s equivalent of “sudo”, do we need a famous tool from the sy*********s suite ?

@14NC3107 said:
Hi everyone !

For the Window’s equivalent of “sudo”, do we need a famous tool from the sy*********s suite ?

=> To everyone, don’t lose time on this : “This program is blocked by group policy”.

You just need runas. And you all ask for help about the command not outputing anything that you don’t understand. Maybe thats the challenge :wink:

okay guis, i gain access to access (lol). Now i need privesc, but i never did in windows machine… Googling i saw a local exploit for priv who seems good… But cant download it by telnet… In my mind i have again the F** server

Any hint to continue or download by t***** session?

Thanks!

@tryhardyomismo said:
okay guis, i gain access to access (lol). Now i need privesc, but i never did in windows machine… Googling i saw a local exploit for priv who seems good… But cant download it by telnet… In my mind i have again the F** server

Any hint to continue or download by t***** session?

Thanks!

You can stay in your t***** session and test a few things as written just before by @rlfonseca. You can also test those things in a (little) more comfortable shell.

Really stuck on the priv. escalation part. I know what I have to do (I’ve been working on that angle even before everyone spoiled it in the thread), but there’s something that doesn’t work, and I’m not sure if I have the right information or not. Is there anyone I can PM to explain what I did so far, and if I’m still going in the right direction?

@Aura said:
Really stuck on the priv. escalation part. I know what I have to do (I’ve been working on that angle even before everyone spoiled it in the thread), but there’s something that doesn’t work, and I’m not sure if I have the right information or not. Is there anyone I can PM to explain what I did so far, and if I’m still going in the right direction?

PM me

Just rooted this box. If someone wants a nudge feel free to PM me.
Thanks for the box @egre55

@z3r0c001 said:

@lordsoahc said:
Any hits after user? Runas is asking for password. and password is not known for Administratotr. am i missing something?

Just enumerate all user desktops and you will find the answer…

Maybe, I’m confused as to what I should see but I tried that (at least I think that I have) and I still can’t figure out the password. Any help would be great.

@theZer0 said:
PM me

Got it to work. Was missing one thing that I overlooked because of the language barrier. Thank you though! :slight_smile:

@Aura said:

@theZer0 said:
PM me

Got it to work. Was missing one thing that I overlooked because of the language barrier. Thank you though! :slight_smile:

Nice!

Nice one @egre55 ! Learned something new yet again.

Oh man, good times on this box.

Really fun exercise in Windowsland.

I appreciate that though this was an easier box, that it required a bit of learning and research into Windows cmd usage.

Anyone can PM me if they need an assist.