Access

1679111240

Comments

  • @nixguy said:
    anyone that was able to do the r***s successfully please pm me

    I know r***s is running successfully because i can launch new cmd processes and view they are running in tasklist but I cant get it to save a file, copy a file or output data on the screen. I must be missing something but im not finding it. I know I'm close but yet so far.

  • @DirtyBird said:

    @nixguy said:
    anyone that was able to do the r***s successfully please pm me

    I know r***s is running successfully because i can launch new cmd processes and view they are running in tasklist but I cant get it to save a file, copy a file or output data on the screen. I must be missing something but im not finding it. I know I'm close but yet so far.

    that's exactly what's happening.
    I can't copy or output content of the file, or even list a directory with r***s

    Nixguy

  • edited October 2018

    Something that helped me a ton was spinning up my own windows 10 vm and playing with r***s there. That way I could see the actual output of what was happening.

    It was very illuminating.

  • edited October 2018

    What a great box @egre55! I haven't had much exposure to popping Windows boxes + Windows PrivEsc so this taught me loads! Big ups to @thrash and @Parttimesecguy for letting me share notes with them! Based on what I learned, there is more than one way to root here... intended or not :)

    Hopefully not providing any spoilers on here, but I want to stress that if you can - try whatever is at your disposal on your own Windows box and see what kind of output you are getting there as @Lycist said (sorry if I'm still being too vague!). Feel free to PM if you think you're on the right track but need some tips.

  • Finally!!
    thank you @Sckull and @mekatronik, I appreciate the help.

    I defiantly learned new thing on windows and PrivEsc

    Nixguy

  • rooted! omg.... I was in the process of downloading a windows 10 vm and it dawned on me I need to run something to run something... if that makes sense? @mekatronik you gave me a great hint that didnt even require the vm to finish downloading before i realized what could be wrong! I learned so much on this box and it hurt so bad so many times but now it feels so good!

  • @DirtyBird said:
    rooted! omg.... I was in the process of downloading a windows 10 vm and it dawned on me I need to run something to run something... if that makes sense? @mekatronik you gave me a great hint that didnt even require the vm to finish downloading before i realized what could be wrong! I learned so much on this box and it hurt so bad so many times but now it feels so good!

    Glad you were able to root it! :)

  • simple mistakes wasted so much time!

  • Great Machine, Rooted Finally. Thanks for the final hint @mekatronik , PM if anyone needs any hints.

    Draco123

  • Getting the root flag was not too bad ... saw something like this in the PWK lab. But there is more to learn if you push on to getting yourself an Administrator shell with the ability to move around freely.

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    LegendarySpork

  • @3s073r1k said:

    @iammainul said:
    I am having trouble of installing the tool in my kali. any help? I am pissed

    only tool I needed was available with apt install , you can use other commands to read "strings" from files ;)

    yeah finally figured that out. now stuck. got user and pass for S*******. I think something is not right. dont know.

  • Rooted. My hints for this box:

    -user: it is just enumeration, google is your friend for every step, google the names of the files' extensions you encounter

    -root: only thing you need is a certain command (named everywhere in this thread). You will struggle with the sintax, so make sure to understand well what it does, google is your friend again, search for usage example.

    TheInnocent

    "I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."

  • Hi, can you help me? i use the command r***s but it's asking me password, i have only one password.....

  • Alright, I've been at this box for way to long now stuck with this runas command. I've tried tons of syntaxes but none of the worked. I've got 2 potential password to try if it gives me a prompt but those don't work either.

    I tried some commands on my own windows machine and one did work but trying it on access it doesn't.

    Would someone be so kind to shoot me a PM?

    Vex20k

  • edited October 2018

    wow this box shouldnt be 20 points.....

    im stuck at priv esc. part, tried tons of r***** command with my own user or with admin** user but nothing works (only cmd.... maybe)
    I tried to execute lots of versions of running cmd.ex but nothing again.
    I have also found some notes at desktop and modified those commands with r**** but again nothing nothing...
    these commands are really restricted with purpose? then wow, it shouldnt be so hard... :( :scream:

    edit: rooted finally, if u start a journey with wrong boots (parameters), then all journey will be pain for u... read man page of known command very well.. not a happy 4-5 hours for this struggle.. :angry: ;)

    Wainright

  • I just moved the security user to the local administrators group, but I can't access read the root.txt file

    Any Hints ?

  • Hint -- how is access controlled on Windows? The answer is complicated.

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    LegendarySpork

  • I unfortunately need help with initial access Dx I should have got this but when I try cracking the .zip file my found passwords are not working!!! I am on Mac OS lol Any hints?

    I found both files in F** service. Already looking into the 'backup' one and found the interesting passwords.

  • If someone can DM me that would be very helpful

  • Got it! Two characters in the end stood between me and root. A good box, simple in hindsight but learned a lot. Thanks to those who provided hints, those I gave hints - I hope they helped! Looking forward to going back to this box in a few days and trying another way.

    ipbsec

  • Is anyone else having a problem today with the machine being unresponsive? Every time I connect it seems to work for one or 2 commands then it gets stuck and I have to reconnect. Wasn't sure if it was just me?

  • Let me give a hint for priv esc.
    First tho, like most ppl say you have to use r***s .
    But a lot of ppl have a problem how to use it.....
    So my hint here is "linux has bash, Wyatt windows has similar?"
    Take advantage of that.
  • Just got user lol I was having issues with Mac OS lol very simple just enumerate the F** files and then use what you find from one to unlock the other :D and then you are in!

  • @bluekanoodle said:
    Is anyone else having a problem today with the machine being unresponsive? Every time I connect it seems to work for one or 2 commands then it gets stuck and I have to reconnect. Wasn't sure if it was just me?

    that's because people keep resetting it :)

    ipbsec

  • @iainpbsec said:

    @bluekanoodle said:
    Is anyone else having a problem today with the machine being unresponsive? Every time I connect it seems to work for one or 2 commands then it gets stuck and I have to reconnect. Wasn't sure if it was just me?

    that's because people keep resetting it :)

    Well that's dumb. LOL

  • Ok, I am officially stuck trying to get root, I've been trying variations of the r****. Tried to do it on a local windows machine to see if I'm missing something, but I feel like I'm not even sure what I'm trying to do. Anyone want to PM me a hint?

  • edited October 2018

    I have some trouble with the .mdb file, i think the file is corrupted ... Someone can pm me for give me a hint ?
    Edit : It's ok thank you

  • Finally got root!
    I thought the difficulty was low!...boy was I wrong. I guess when you don't know something, it's hard!

    Thanks to @raouf09 for help, turns out I was on the right track but didnt understand the syntax of a command. I still think the way I got it was an unintentional method though.
    I will be happy to discuss with those how they got it and share my thoughts.

    Priv Esc Hint.
    Read over these forums over and over again. There are plenty of hints there.

    Imagine if you can cd into administrator/desktop what will you do to view root.txt? Combine this with the another command.

    I strongly recommend you testing your command line commands on your local windows host to understand the output or errors. This worked for me! Learnt a lot from this great box! Thanks @egre55 for this box!

  • @yaritu said:
    I just moved the security user to the local administrators group, but I can't access read the root.txt file

    Any Hints ?

    I did the same thing only to realise later that it was not needed. The good thing is that you got the command to work. Now you do more with that command. Test these commands on your own windows host first.

  • I have the root.txt file but even when i own it it still asks me for the password, help needed pls guys!

Sign In to comment.