Access

@Calvo said:
I can’t seem to get the password for the zip file… any tips would be helpfull (here or via PM)

pm if you still want a hint

i’ve managed to get the root flag copied into another file by using ru*** and a quick script, but i can’t read file that either or change its permissions.

@iainpbsec said:
i’ve managed to get the root flag copied into another file by using ru*** and a quick script, but i can’t read file that either or change its permissions.

Copying it might not be the best approach.

There are other things you can to do pipe the contents of one file into a new file, and this will make sure the second file is accessible by the account you’ve used.

how did you get the administrator password?
net users stat password required = no
but it does not take blank password when doing the r***s
I tried the passwords found in the mdb table but they do not work, I also tried the password in the pst also did not work

You don’t necessarily need admin pw nixguy, you’re on the right track - look at all the flags available for r***s closely

Can someone help me? I can create a reverse shell but the connection automatically dies within a second…

@baseball737 said:
Can someone help me? I can create a reverse shell but the connection automatically dies within a second…

Do you need to set exitOnSession to false?

Got user, would welcome a hint on priv esc? is it to do with a certain flag of r***s?

is it intended/normal that we can not see the Deop directory in the P*c directory ? Also after a reset ?

Finally cracked this box, user and root. Took longer than I’d like to admit though. I learned quite a bit on it!

@TheInnocent said:
is it intended/normal that we can not see the Deop directory in the P*c directory ? Also after a reset ?

it’s a hidden folder for that user, use an appropriate switch on dir to see it

(I hadn’t actually looked in here, seems like it would have been a good place to start!)

Cannot unzip Acc**** zipfile. Anyone got a hint please ?

ok, i’m really stuck…using the flag with r***s but I get blank at the output

tried to redirect the output to a file and it’s still blank…any help is appreciated

@nixguy said:
ok, i’m really stuck…using the flag with r***s but I get blank at the output

tried to redirect the output to a file and it’s still blank…any help is appreciated

Same problem here

@legerdemain said:

@nixguy said:
ok, i’m really stuck…using the flag with r***s but I get blank at the output

tried to redirect the output to a file and it’s still blank…any help is appreciated

Same problem here

Me 3. This is only my second box, and I’m feeling a bit lost. I got user no problem and have been banging my head against this one for 10-12 hours now.

@Hideo said:
Cannot unzip Acc**** zipfile. Anyone got a hint please ?

Hint DMd

anyone that was able to do the r***s successfully please pm me

@nixguy said:
anyone that was able to do the r***s successfully please pm me

I know r***s is running successfully because i can launch new cmd processes and view they are running in tasklist but I cant get it to save a file, copy a file or output data on the screen. I must be missing something but im not finding it. I know I’m close but yet so far.

@DirtyBird said:

@nixguy said:
anyone that was able to do the r***s successfully please pm me

I know r***s is running successfully because i can launch new cmd processes and view they are running in tasklist but I cant get it to save a file, copy a file or output data on the screen. I must be missing something but im not finding it. I know I’m close but yet so far.

that’s exactly what’s happening.
I can’t copy or output content of the file, or even list a directory with r***s

Something that helped me a ton was spinning up my own windows 10 vm and playing with r***s there. That way I could see the actual output of what was happening.

It was very illuminating.