Access

@avoidy said:
7za x myfile.z**
If I remember correctly, it’s due to the zip file being encrypted with AES, so you get an invalid sequence with z**.

For the p** file, it depends on your system: if on Windows, simply import or open it in Outlook. If on a Linux OS, then install and use “readpst”. It worked for me.

Hopefully this ain’t no spoiler but some help.

Many thanks! I learned a lot thanks to you.

Hello guys,
I got local user access. It was not so difficult.
Now I am stuck on PE. I have discovered the "Z*****s" application, probably a service too. Is it the right path?
I would appreciate it if you gave me a hint.

@c0uldb3 said:
Hello guys,
I got local user access. It was not so difficult.
Now I am stuck on PE. I have discovered the "Z*****s" application, probably a service too. Is it the right path?
I would appreciate it if you gave me a hint.

There are plenty of tips in this topic about the PE process so that you can get on the right path :slight_smile:

Hey, can anyone help me with this situation? I found a service named ZK****, and I searched for it. I used this command ics Z*5 and it gave me some information. But I don’t know how to proceed with my steps. I’m trying to rs but I didn’t manage to use it. I’m very sad with services and tools when I don’t know what they are. You can also PM me if your answer includes spoilers.

ok… got user flag… stuck on the runas command… any hint? I’ve already checked every single page of this box here… I’ve read the runas docs… tried almost every combination but no results… what can’t I see?

@Sixpon said:
Hey, can anyone help me with this situation? I found a service named ZK****, and I searched for it. I used this command ics Z*5 and it gave me some information. But I don’t know how to proceed with my steps. I’m trying to rs but I didn’t manage to use it. I’m very sad with services and tools when I don’t know what they are. You can also PM me if your answer includes spoilers.

@cptUP said:
ok… got user flag… stuck on the runas command… any hint? I’ve already checked every single page of this box here… I’ve read the runas docs… tried almost every combination but no results… what can’t I see?

The only hint I can give to both of you is: Users are lazy and apparently really hate retyping their passwords or in this case, the admin! :smile:

Finally rooted. This machine will force you to go back to the basics. Can’t believe how lazy I’ve been. Here are my spoiler-free hints:
Limited Shell

  1. Enumerate the available services using manual and automatic methods.
  2. Learn to open files from a “low level” point of view. If using Kali, you already have the tools to do this. Nothing needs to be downloaded nor will you need any commercial software.

Root

  3. The privilege escalation was the best and most excruciating part. There are many considerations for enumerating the Windows OS. Collect EVERY fact of data. Enumeration is key to finding an essential fact regarding this machine.
  4. Using the discovered fact from above, you will use it in conjunction with a built-in Windows tool.
  5. The kicker: You must privy yourself on the expected output for each option/parameter this tool provides! Go to Microsoft’s page and review the examples and READ THE DESCRIPTION for each option/parameter available to the tool. Understanding this tool COMPLETELY is essential. Test the tool in your own environment, and note the general behavior. This will help you formulate a plan and see the whole picture (versus what you are observing on the target…).

Rooted. Getting user was fun, was able to use some things I learned from CTFs a while back. This box ended up being super simple for root, just have to do some typical Windows enumeration and pay attention to syntax once you find the interesting configuration (many hints in this thread already).

I was able to run various commands with what I thought was the right syntax, but any time I tried to t*** a specific file it ended up failing. After a simple syntax change, I was able to run the command with no issues.

Hello, I have both files, but I am not able to find the password in the DB for the zip file.
(I found 3 credentials, but they are not working for telnet either…)

Any hints?

EDIT: I had a typo :tired_face:

@Smausko said:
Hello, I have both files, but I am not able to find the password in the DB for the zip file.
(I found 3 credentials, but they are not working for telnet either…)

Any hints?

One of the passwords should be valid. Hint: Take a look at which folder you pulled it from.

Hey guys, I feel like I’m at the point where I could use some advice or a hint if possible!

I have the user flag, I’m working towards the root one right now and running into a wall re: the enumeration aspect. I’m following numerous guides out there about looking into identifying users, services running, scheduled tasks, etc. I’ve attempted a bunch of different privilege escalation techniques from a meterpreter session that haven’t gone anywhere either.

I keep seeing people referencing users’ laziness, the admin’s disdain for re-typing their credentials, alongside the r**** command and some sort of particularity that I should be seeing about something’s setup/configuration that comes up through my enumeration.

At this point I’m just not sure what it is I should be looking at. I probably have all of the data in front of me, but I’m not exactly sure what the anomaly is that I should be spotting.

Any help would be welcome, thanks!

“I keep seeing people referencing users’ laziness, the admin’s disdain for re-typing their credentials”
Check your enumerated data for references that relate to the sentence above.

Nice box, user was easy, root well obfuscated, overall fun challenge, where I had FULL root love it.

@kanecain said:
“I keep seeing people referencing users’ laziness, the admin’s disdain for re-typing their credentials”
Check your enumerated data for references that relate to the sentence above.

I guess I’m just still not sure where I should be looking. I just went down a big rabbit hole trying to use cm**** /list in conjunction with r**** and thought I was getting somewhere, but it appears not.

I know how to get user but I can’t because I have some problem downloading files from FTP. Somebody please PM me. Thanks

@ADude2 said:

@kanecain said:
“I keep seeing people referencing users’ laziness, the admin’s disdain for re-typing their credentials”
Check your enumerated data for references that relate to the sentence above.

I guess I’m just still not sure where I should be looking. I just went down a big rabbit hole trying to use cm**** /list in conjunction with r**** and thought I was getting somewhere, but it appears not.

Maybe, maybe not. Or maybe you need to truly understand or even observe how the r**** command works…

I don’t know where I am going wrong. I’ve been trying to root for 2 days with countless escalation and enumeration attempts with r****, even following the hint on the other desktop, yet to no avail. PLEASE HELP

Finally got it, thank you for those who helped! Much appreciated!

Got it too… had to do it with a reverse shell as admin, couldn’t do it with multiple commands with ru**s

Nice machine for Linux people with little knowledge of Windows. Learnt a few things with this one. The hints in this topic are enough to crack this machine.