Access

Finally cracked this box, user and root. Took longer than I’d like to admit though. I learned quite a bit on it!

@TheInnocent said:
is it intended/normal that we can not see the Deop directory in the P*c directory ? Also after a reset ?

it’s a hidden folder for that user, use an appropriate switch on dir to see it

(I hadn’t actually looked in here, seems like it would have been a good place to start!)

Cannot unzip Acc**** zipfile. Anyone got a hint please ?

ok, i’m really stuck…using the flag with r***s but I get blank at the output

tried to redirect the output to a file and it’s still blank…any help is appreciated

@nixguy said:
ok, i’m really stuck…using the flag with r***s but I get blank at the output

tried to redirect the output to a file and it’s still blank…any help is appreciated

Same problem here

@legerdemain said:

@nixguy said:
ok, i’m really stuck…using the flag with r***s but I get blank at the output

tried to redirect the output to a file and it’s still blank…any help is appreciated

Same problem here

Me 3. This is only my second box, and I’m feeling a bit lost. I got user no problem and have been banging my head against this one for 10-12 hours now.

@Hideo said:
Cannot unzip Acc**** zipfile. Anyone got a hint please ?

Hint DMd

anyone that was able to do the r***s successfully please pm me

@nixguy said:
anyone that was able to do the r***s successfully please pm me

I know r***s is running successfully because i can launch new cmd processes and view they are running in tasklist but I cant get it to save a file, copy a file or output data on the screen. I must be missing something but im not finding it. I know I’m close but yet so far.

@DirtyBird said:

@nixguy said:
anyone that was able to do the r***s successfully please pm me

I know r***s is running successfully because i can launch new cmd processes and view they are running in tasklist but I cant get it to save a file, copy a file or output data on the screen. I must be missing something but im not finding it. I know I’m close but yet so far.

that’s exactly what’s happening.
I can’t copy or output content of the file, or even list a directory with r***s

Something that helped me a ton was spinning up my own windows 10 vm and playing with r***s there. That way I could see the actual output of what was happening.

It was very illuminating.

What a great box @egre55! I haven’t had much exposure to popping Windows boxes + Windows PrivEsc so this taught me loads! Big ups to @thrash and @Parttimesecguy for letting me share notes with them! Based on what I learned, there is more than one way to root here… intended or not :slight_smile:

Hopefully not providing any spoilers on here, but I want to stress that if you can - try whatever is at your disposal on your own Windows box and see what kind of output you are getting there as @Lycist said (sorry if I’m still being too vague!). Feel free to PM if you think you’re on the right track but need some tips.

Finally!!
thank you @Sckull and @mekatronik, I appreciate the help.

I defiantly learned new thing on windows and PrivEsc

rooted! ■■■… I was in the process of downloading a windows 10 vm and it dawned on me I need to run something to run something… if that makes sense? @mekatronik you gave me a great hint that didnt even require the vm to finish downloading before i realized what could be wrong! I learned so much on this box and it hurt so bad so many times but now it feels so good!

@DirtyBird said:
rooted! ■■■… I was in the process of downloading a windows 10 vm and it dawned on me I need to run something to run something… if that makes sense? @mekatronik you gave me a great hint that didnt even require the vm to finish downloading before i realized what could be wrong! I learned so much on this box and it hurt so bad so many times but now it feels so good!

Glad you were able to root it! :slight_smile:

simple mistakes wasted so much time!

Great Machine, Rooted Finally. Thanks for the final hint @mekatronik , PM if anyone needs any hints.

Getting the root flag was not too bad … saw something like this in the PWK lab. But there is more to learn if you push on to getting yourself an Administrator shell with the ability to move around freely.

@3s073r1k said:

@iammainul said:
I am having trouble of installing the tool in my kali. any help? I am pissed

only tool I needed was available with apt install , you can use other commands to read “strings” from files :wink:

yeah finally figured that out. now stuck. got user and pass for S*******. I think something is not right. dont know.

Rooted. My hints for this box:

-user: it is just enumeration, google is your friend for every step, google the names of the files’ extensions you encounter

-root: only thing you need is a certain command (named everywhere in this thread). You will struggle with the sintax, so make sure to understand well what it does, google is your friend again, search for usage example.