Access

Guys, I am really confused about this one here. I got user, tried just about everything in the book to privesc, but nothing seems to work. I’ve been all over the r***s command, which doesn’t return any data, even the help switch gives me blank lines. Can’t get a reverse shell cause nothing will execute. I’m probably missing something stupid, but I can’t rule out some obscure misconfiguration. Would appreciate a PM; my discord is sceleris#5490

i’m trying to follow FuzzySecurity for priv esc but not sure how to import a file into windows wget won’t work…it’s not there

rooted!!! pm if u want some help
i will give u some hint without spoilers
for the entry u must get some file and get important infos
and for the root just enum the system and u get intereting thing jut know how to use it
the response is front of u

I can’t seem to get the password for the zip file… any tips would be helpfull (here or via PM)

Working on privesc. Found interesting sc***ts, and vulnerable version of program (but permissions are patched). Checked all bin_paths, all services… I’m Stuck, can anyone get a hing in PM?

@Calvo said:
I can’t seem to get the password for the zip file… any tips would be helpfull (here or via PM)

pm if you still want a hint

i’ve managed to get the root flag copied into another file by using ru*** and a quick script, but i can’t read file that either or change its permissions.

@iainpbsec said:
i’ve managed to get the root flag copied into another file by using ru*** and a quick script, but i can’t read file that either or change its permissions.

Copying it might not be the best approach.

There are other things you can to do pipe the contents of one file into a new file, and this will make sure the second file is accessible by the account you’ve used.

how did you get the administrator password?
net users stat password required = no
but it does not take blank password when doing the r***s
I tried the passwords found in the mdb table but they do not work, I also tried the password in the pst also did not work

You don’t necessarily need admin pw nixguy, you’re on the right track - look at all the flags available for r***s closely

Can someone help me? I can create a reverse shell but the connection automatically dies within a second…

@baseball737 said:
Can someone help me? I can create a reverse shell but the connection automatically dies within a second…

Do you need to set exitOnSession to false?

Got user, would welcome a hint on priv esc? is it to do with a certain flag of r***s?

is it intended/normal that we can not see the Deop directory in the P*c directory ? Also after a reset ?

Finally cracked this box, user and root. Took longer than I’d like to admit though. I learned quite a bit on it!

@TheInnocent said:
is it intended/normal that we can not see the Deop directory in the P*c directory ? Also after a reset ?

it’s a hidden folder for that user, use an appropriate switch on dir to see it

(I hadn’t actually looked in here, seems like it would have been a good place to start!)

Cannot unzip Acc**** zipfile. Anyone got a hint please ?

ok, i’m really stuck…using the flag with r***s but I get blank at the output

tried to redirect the output to a file and it’s still blank…any help is appreciated

@nixguy said:
ok, i’m really stuck…using the flag with r***s but I get blank at the output

tried to redirect the output to a file and it’s still blank…any help is appreciated

Same problem here

@legerdemain said:

@nixguy said:
ok, i’m really stuck…using the flag with r***s but I get blank at the output

tried to redirect the output to a file and it’s still blank…any help is appreciated

Same problem here

Me 3. This is only my second box, and I’m feeling a bit lost. I got user no problem and have been banging my head against this one for 10-12 hours now.