@tulio666 said:
ok, i’ve ownd User, now i’m stuck on the r**** command. i think my syntax is right cuz it keeps me asking for Administrator password… can someone help me in pm?
There is a switch which prevents it from asking. However may still ask even if you have entered a non-existent account.
@tulio666 said:
ok, i’ve ownd User, now i’m stuck on the r**** command. i think my syntax is right cuz it keeps me asking for Administrator password… can someone help me in pm?
There is a switch which prevents it from asking. However may still ask even if you have entered a non-existent account.
got it! needed to test the line before on windows then did it perfectly on telnet. Hint to find the r***.t** file faster is to use with the branches and leaves of a tree [=
OK, so, this box…
User is pretty straight forward. Just check if the file is corrupted or something. Also, there are some online tools to help on reading and stuff.
Privesc.
I think the most difficult part is finding the attack vector, but since u are reading the forum, u probably know what to do by now.
A few tips:
The program asks for a password
A. Read the program’s manual, there is a option to bypass that
The command executes, but doesn’t echo its results (no response)
A. Just use the command to get another shell
Cant read the root.txt
A. Replace owner on subcontainers and objects
Still banging my head. It looks like I can run things as an admin user from the tasklist showing things running escalated but I can’t look at directories or files as admin. I was able to add the compromised user to the Admins group, even, but no love getting the file.
I’ll ask the same question here that I asked on the main thread. What pointed you to this escalation vector? (other than the forum). If there was no forum how could you have figured out that this sudoish command is the way to get “root” (Other than trial and error).
@xcorpion said:
I’ll ask the same question here that I asked on the main thread. What pointed you to this escalation vector? (other than the forum). If there was no forum how could you have figured out that this sudoish command is the way to get “root” (Other than trial and error).
In security user’s desktop (if I remember correctly) there is a link file to start the webcam app. If you open it you see the “lazy” command. But I’m new to windows machines (and I suck).
got user earlier on, stuck on getting root, can see the file but getting ‘Access is denied’ - have tried running the r**** command but am still the s******* user
Humm… after reading all these comments, I feel some ppl are just overcomplicating stuff. You know you don’t have to get an admin shell or add the user to admin group in order to get the root file.
hello all! Im able to use r***s i test the command and i can execute as admin, but commands to get the root.txt are not working Im terrible at windows so if someone can pm me please! otherwhise i think anything that i write could be a spoiler
@Sogeking said:
Humm… after reading all these comments, I feel some ppl are just overcomplicating stuff. You know you don’t have to get an admin shell or add the user to admin group in order to get the root file.
Hi! would appreciate any suggestions. I’ve tried so many variations of the r*** command and I just can’t access the root.txt file. (the command isn’t even working properly on my own windows machine so it obviously has some issues in it)