Access

I wouldn’t have figured to use r**** without the hints here. What was I supposed to find on this box that would’ve led me to try using this tool on my own?

Yo guys,

I’m stuck on what i believe to be the last part of root priv esc. Found the Z********** flaw but struggling to leverage it. Advice would be appreciated!

finally got the privesc after WAY too many hours. figured out what i probably have to do in the first 15 minutes, struggled with the rest for wayyyy too long

do yourself a favour and try whatever you’re doing on an actual windows machine before you try it on this box. it will save you massive headaches

@rowbot said:
Looking to learn a lesson here. For PE, how did you know to use R**? I take it the Z** was a rabbit hole?

I have the same question. Without the ton of spoilers on this forum how would you have figured out that the command mentioned everywhere was the PE vector ? After I enumerated the box It didnt look like the PE was thru an obvious PE Exploit because the box was fully patched but other than that nothing hinted at this being the route to PE.

Thanks!

r00ted! thanks to @YellowBanana and @numbfrank

if anyone goes for the r***s option look for the manual! and syntax syntax syntax. Even though I though I had everything correct there was a small piece missing.

Hi everyone,
I am still stuck after getting the password from the pst file. I don’t know where to find the “security” account. Please can I get a hint.

My bad, I found my mistake

@0x41 said:
finally got the privesc after WAY too many hours. figured out what i probably have to do in the first 15 minutes, struggled with the rest for wayyyy too long

do yourself a favour and try whatever you’re doing on an actual windows machine before you try it on this box. it will save you massive headaches

Requires a shell? I’m trying to show the content of root.txt with r***s but I’m not sure if with that command is enough.

i would suggest to understand what stored credential is in the windows server

Yeah!! Finally got root! thankyou all for the hints!

I’ve been stucked for days on this box. Tried every rs variation, but prompt doesn’t show anything.
I know that i am on the right track because of the c
*y command.
Can someone PM me please?

Anyone have any hints for PrivEsc? I owned user and am attempting to use r**** to spawn a admin c** shell so I can access the admin dir, I keep getting prompted for password though so I am sure that my syntax is wrong for the command

Rooted! Thank you @MrFlash24

Feel free to PM me if you’re running into issues.

I need help with privilege escalation I do not know what to do, someone could guide me

Got system.cant read flag,pipe ,echo, transfer nothing. R***** works , i can see new instances spawning but cnt get it to echo flag …

Hi guys, my first call for help! With Access box - I have used runa got access to folder of root, taken ownership, used cacls etc. If i do a dir /q it shows security is the owner but i can still not read the file. I have tried redirecting trough runa* also but with not success. Would appreciate if any 1 can give my a hint of what i am doing wrong.

(3) Finally Done
in 2 days

@0xlc said:

@jownz said:
anyone got some tips on the initial 2 files? I know you have to analysze one, but one seems locked and one segfaults while analysis…

check if you get it properly. check the size on the *** server and yours.

i got it using nemo file manager insted of classic way. with *** they were corrupted.

Thanks!
+1

im getting this error
offset 7585302654976 is beyond EOF
Segmentation fault (core dumped)

when try to open b**.mdb using mdbtools. any hint as to how to resolve this?

Alright, I am rather stumped! I have Owned USER and I am hours into trying to figure out privesc to absolutely no avail I have tried to te several of the d files and have found a few that I cannot t**e as well I have tried using a few BF exploits and nadda. If any of you geniuses get a moment and feel kind, a PM hint would be absolutely phenomenal and Im sorry to bother you guys as I prefer to figure this out alone!

Thanks and I look forward to ANY help!