I’m not sure what was said in this thread, but this was a very weird privesc. I got up to root.txt very quick, but was on that last step for about a day. It turns out that it was a syntax error on my part.
I’m willing to help out if anyone needs a hand – let me know what you’ve done so far.
finally got the root.txt flag. If anyone wants any hint pm me. Thanks to the people that gave me some tips. anyone who got a reverse shell please pm me.
@YellowBanana said:
finally got the root.txt flag. If anyone wants any hint pm me. Thanks to the people that gave me some tips. anyone who got a reverse shell please pm me.
please let me know how i will get root.text flag.i stuck in r**** and lazy user
So I’ve confirmed my syntax on the rs command is working by capturing the output of 'n u* \<share>’ on my machine, but am still struggling with a next step. Looking for any PMs with assistance!
@voncount said:
So I’ve confirmed my syntax on the rs command is working by capturing the output of 'n u* \<share>’ on my machine, but am still struggling with a next step. Looking for any PMs with assistance!
I’ve got user, but root is killin’ me. I’ve found the Z*****5 hint and the location where the meat of that actually lives, been reading the r docs most of the weekend, and messing around with syntax, but haven’t had luck getting it to work yet. Pretty sure what the ‘lazy admin’ flag for the command ought to be, but that hasn’t seemed to help yet. Figure I have to be missing something.
I’ve found that I should be able to ByTCh*** with what I’ve got, but still struggling to ty** the file I want with r****. Good grief that’s a lot of asterisks, but if anyone has a minute to shoot a hint my way, I’d appreciate it. Feels like I ought to be pretty close to done with what I’ve got.
Hi all ,
I am newbie , ive read all the lovely hints and i am stuck on a particular method. By reading the hints carefully i managed to obtain the username and password from *****file but i tried to login with the known ports but no dice.
Any hints will be appreciated !!!
Enjoyed this box. My first one on htb. Windows Privesc is definitely an area that I need to focus on. I was reminded of a useful command here. Good stuff! Peace!
@voncount said:
deleted - got root after the box was reset (for the Nth time)
Tried my same steps this morning (I didn’t keep the hash for my records) and they failed. I’m not sure if I’m missing something (perhaps someone else was on the box that made a change while I was on it) or if the box is just screwy, but I’m curious if anyone else had the same experience. PM me if you’d like to compare notes.
Like a lot of others here, I’ve successfully gained user access, and am now trying to use the r**** command with /s******d to poke further, but failing somewhat at where to go with that.