Access

rooted. Thank you @hray for the hint. PM if you want a nudge in the right direction. Cheers @egre55 for the box.

rooted! Thank you @egre55 for the box. Learned a lot and improved my Windows cmd skills.

Special thanks to @MrFlash24 and @hray for the tips. This is just my 2nd box and would take a longer time to root w/o your help.

@nagarajnow said:
can anyone pls share which tool have you used to crack acc*** C0n****.zip file? I used zipjohn with rockyou and failed,

Please check B****.mdb File

I spent 3 hours absolutely hating this privesc portion, until I finally figured it out. I feel so accomplished, and I learned a ton about privesc on windows! Something I’ve been fairly weak in. This might even be my favorite challenge now.

If anyone is still struggling, the hints above are all you need. really read the man pages! ALL OF IT!

@baseball737 said:
Can someone help me with the privesc I run with r***s, i’ve used the .exe file but after more then 150+ tries and trying it on my own windows machine. I still can’t get it to work…

Rooted, thanks to @MrFlash24

Hi, scanning using nmap and it show f** and t****t is closed, it is ok? I read some post in this thread they login to f** then download something. anyone can give me hint?

@darkcyber said:
Hi, scanning using nmap and it show f** and t****t is closed, it is ok? I read some post in this thread they login to f** then download something. anyone can give me hint?

nevermind, wrong thread. I should this is about Access machine, not Active machine.

I wouldn’t have figured to use r**** without the hints here. What was I supposed to find on this box that would’ve led me to try using this tool on my own?

Yo guys,

I’m stuck on what i believe to be the last part of root priv esc. Found the Z********** flaw but struggling to leverage it. Advice would be appreciated!

finally got the privesc after WAY too many hours. figured out what i probably have to do in the first 15 minutes, struggled with the rest for wayyyy too long

do yourself a favour and try whatever you’re doing on an actual windows machine before you try it on this box. it will save you massive headaches

@rowbot said:
Looking to learn a lesson here. For PE, how did you know to use R**? I take it the Z** was a rabbit hole?

I have the same question. Without the ton of spoilers on this forum how would you have figured out that the command mentioned everywhere was the PE vector ? After I enumerated the box It didnt look like the PE was thru an obvious PE Exploit because the box was fully patched but other than that nothing hinted at this being the route to PE.

Thanks!

r00ted! thanks to @YellowBanana and @numbfrank

if anyone goes for the r***s option look for the manual! and syntax syntax syntax. Even though I though I had everything correct there was a small piece missing.

Hi everyone,
I am still stuck after getting the password from the pst file. I don’t know where to find the “security” account. Please can I get a hint.

My bad, I found my mistake

@0x41 said:
finally got the privesc after WAY too many hours. figured out what i probably have to do in the first 15 minutes, struggled with the rest for wayyyy too long

do yourself a favour and try whatever you’re doing on an actual windows machine before you try it on this box. it will save you massive headaches

Requires a shell? I’m trying to show the content of root.txt with r***s but I’m not sure if with that command is enough.

i would suggest to understand what stored credential is in the windows server

Yeah!! Finally got root! thankyou all for the hints!

I’ve been stucked for days on this box. Tried every rs variation, but prompt doesn’t show anything.
I know that i am on the right track because of the c
*y command.
Can someone PM me please?

Anyone have any hints for PrivEsc? I owned user and am attempting to use r**** to spawn a admin c** shell so I can access the admin dir, I keep getting prompted for password though so I am sure that my syntax is wrong for the command

Rooted! Thank you @MrFlash24

Feel free to PM me if you’re running into issues.