@nixguy said:
ok, I’m really stuck…using the flag with r***s but I get blank at the output
tried to redirect the output to a file and it’s still blank…any help is appreciated
Same problem here
Me 3. This is only my second box, and I’m feeling a bit lost. I got user no problem and have been banging my head against this one for 10-12 hours now.
@nixguy said:
anyone that was able to do the r***s successfully please pm me
I know r***s is running successfully because I can launch new cmd processes and see that they are running in tasklist, but I can’t get it to save a file, copy a file or output data on the screen. I must be missing something but I’m not finding it. I know I’m close but yet so far.
that’s exactly what’s happening.
I can’t copy or output content of the file, or even list a directory with r***s
Something that helped me a ton was spinning up my own windows 10 vm and playing with r***s there. That way I could see the actual output of what was happening.
What a great box @egre55! I haven’t had much exposure to popping Windows boxes + Windows PrivEsc so this taught me loads! Big ups to @thrash and @Parttimesecguy for letting me share notes with them! Based on what I learned, there is more than one way to root here… intended or not
Hopefully not providing any spoilers on here, but I want to stress that if you can - try whatever is at your disposal on your own Windows box and see what kind of output you are getting there as @Lycist said (sorry if I’m still being too vague!). Feel free to PM if you think you’re on the right track but need some tips.
rooted! ■■■… I was in the process of downloading a windows 10 vm and it dawned on me I need to run something to run something… if that makes sense? @mekatronik you gave me a great hint that didn’t even require the vm to finish downloading before I realized what could be wrong! I learned so much on this box and it hurt so bad so many times but now it feels so good!
@DirtyBird said:
rooted! ■■■… I was in the process of downloading a windows 10 vm and it dawned on me I need to run something to run something… if that makes sense? @mekatronik you gave me a great hint that didn’t even require the vm to finish downloading before I realized what could be wrong! I learned so much on this box and it hurt so bad so many times but now it feels so good!
Getting the root flag was not too bad … saw something like this in the PWK lab. But there is more to learn if you push on to getting yourself an Administrator shell with the ability to move around freely.
-user: it is just enumeration, google is your friend for every step, google the names of the files’ extensions you encounter
-root: only thing you need is a certain command (named everywhere in this thread). You will struggle with the syntax, so make sure to understand well what it does, google is your friend again, search for usage examples.
Alright, I’ve been at this box for way too long now, stuck with this runas command. I’ve tried tons of syntaxes but none of them worked. I’ve got 2 potential passwords to try if it gives me a prompt but those don’t work either.
I tried some commands on my own windows machine and one did work but trying it on access it doesn’t.
I’m stuck at the priv esc part, tried tons of r***** commands with my own user or with admin** user but nothing works (only cmd… maybe)
I tried to execute lots of versions of running cmd.ex but nothing again.
I have also found some notes at desktop and modified those commands with r**** but again nothing nothing…
these commands are really restricted on purpose? then wow, it shouldn’t be so hard…
edit: rooted finally, if u start a journey with wrong boots (parameters), then all journey will be pain for u… read man page of known command very well… not a happy 4-5 hours for this struggle…