Access

1212224262740

Comments

  • I got root

  • Alright Ladies and Gents, I am 14hrs into trying to figure out this r***s debacle for privesc. PM me and I will send you the latest command Im using. I apologize for the irritation but any help is welcomed! THanks ALL!

  • After a little frustration i got r***s working, as others have suggested, give it a go on a windows 10 PC to see what he behavior is.

  • edited December 2018

    Ahhhh!! took one day to get root. There are two ways to get the root.txt with r***as after user. Follow the hints provided in the forum.. you will have it

  • Anyone I can PM? I have what I think is a correct rs command but still failing!

  • For everyone who is trying to root via runas, don't try to read the root.txt file or run any other command directly (since you also don't see output), try to create a reverse shell first via that command.

    Hint for everyone who doesn't know why runas should help him in PrivEsc, search the possible arguments on the internet and then it should be really obvious which one is helpful for that purpose

    For further hints PM me.

  • @GDX's advice put me over to get root. PM for non-spoiler nudges!

  • Can somone PM for help on root?
    I know I need to user R**** but I cant figure out how to use corectly.
    Thanks,

    • Coremed
  • Hello!
    I'm stuck on this privesc part for some time now .
    I think I have figured out how to use the r**** command but I'm really not sure what to do no next. Do I need the admin password for it? If yes, any hints? Is it one of the 3 passwords found earlier?
    Please PM.
    Thanks!

  • @summerboy said:
    Hello!
    I'm stuck on this privesc part for some time now .
    I think I have figured out how to use the r**** command but I'm really not sure what to do no next. Do I need the admin password for it? If yes, any hints? Is it one of the 3 passwords found earlier?
    Please PM.
    Thanks!

    I think you don't really understand how to use r***s in this case because you're asking if you need a password for the admin.

  • @bokanrb said:
    Im stucking on root. already got system rights, but I'm still can't read root.txt. Can anyone PM me?

    bro i have a any problem

  • edited December 2018

    Stuck on get user.

    I already read email so I know security account and the password, but try to log in in f** failed, try to login s__ logged in as en_in__r and security but I can't read anything.

    Where I'm doing wrong?

  • @darkcyber said:
    Stuck on get user.

    I already read email so I know security account and the password, but try to log in in f** failed, try to login s__ logged in as en_in__r and security but I can't read anything.

    Where I'm doing wrong?

    Maybe you should enumerate all open ports

  • edited December 2018

    @tacosaurus said:

    @darkcyber said:
    Stuck on get user.

    I already read email so I know security account and the password, but try to log in in f** failed, try to login s__ logged in as en_in__r and security but I can't read anything.

    Where I'm doing wrong?

    Maybe you should enumerate all open ports

    Sorry, I don't get it. I try f__ and s__ login with thus credential but no luck. So I don't know where to go with thus credential.

    UPDATED :
    Finally got user.txt, looks like I need to reset machine then login to t_l_et using thus credential.

    Now Stuck on root.txt

    /s______d is not working where I'm doing wrong?

    Do I need to enumerate after logged in as security? But I don't know what to enumerate.

  • I loggin as Administrator but stuck on Access Denied on token file, hint by PM ?

  • @GDX said:
    For everyone who is trying to root via runas, don't try to read the root.txt file or run any other command directly (since you also don't see output), try to create a reverse shell first via that command.

    Hint for everyone who doesn't know why runas should help him in PrivEsc, search the possible arguments on the internet and then it should be really obvious which one is helpful for that purpose

    For further hints PM me.

    You're right!

  • @darkcyber said:

    @tacosaurus said:

    @darkcyber said:
    Stuck on get user.

    I already read email so I know security account and the password, but try to log in in f** failed, try to login s__ logged in as en_in__r and security but I can't read anything.

    Where I'm doing wrong?

    Maybe you should enumerate all open ports

    Sorry, I don't get it. I try f__ and s__ login with thus credential but no luck. So I don't know where to go with thus credential.

    UPDATED :
    Finally got user.txt, looks like I need to reset machine then login to t_l_et using thus credential.

    Now Stuck on root.txt

    /s______d is not working where I'm doing wrong?

    Do I need to enumerate after logged in as security? But I don't know what to enumerate.

    I'll PM you.

  • edited December 2018

    Finally got r00t, if you stuck on root.txt, read this carefully

    • make sure you know where is the full path of root.txt
    • you can check with c_dk_y /list of course the Administrator is save the password in Credential manager
    • Somehow type command doesn't return output when you combine with r__as command, so I hope you know how to redirect output to somewhere with the full path of file you want to read, and where you want to store.
    • You just need 2 options /u__r of course, and /sa__c__d

    I hope it help

    anyway thanks @clmtn @Beggy @brohlm

  • @darkcyber said:
    Finally got r00t, if you stuck on root.txt, read this carefully

    • make sure you know where is the full path of root.txt
    • you can check with c_dk_y /list of course the Administrator is save the password in Credential manager
    • Somehow type command doesn't return output when you combine with r__as command, so I hope you know how to redirect output to somewhere with the full path of file you want to read, and where you want to store.
    • You just need 2 options /u__r of course, and /sa__c__d

    I hope it help

    anyway thanks @clmtn @Beggy @brohlm

    Congratz @darkcyber :D

    Hack The Box

  • Any hints? Downloaded two files via f** the b*****.m** seems to be corrupted; other file is password protected. Tried several m** recovery tools none of which worked. My first windows box :persevere:

  • @Ryan. Change your transfer mode and try download the files again.
  • edited December 2018

    @Malone5923 said:
    @Ryan. Change your transfer mode and try download the files again.

    Managed to get it using wg** instead which worked fine. Got some credentials but t**** is saying specified user is not a member of TelnetClients group. Is that expected behaviour?

    EDIT:

    FIgured it out! :P

  • Hey guys,
    Currently I am looking to own system. I am t*****ting with an account, not quite an elevated account however. Anyone able to PM some pointers on Privesc?

    If someone was helpful, don't forget to give +1 Respect.
    Arrexel

  • @Rainerd said:
    Hey guys,
    Currently I am looking to own system. I am t*****ting with an account, not quite an elevated account however. Anyone able to PM some pointers on Privesc?

    If you have already read the email, it should logged in successfully.

  • @darkcyber
    I have used said account, but it's not an admin?

    If someone was helpful, don't forget to give +1 Respect.
    Arrexel

  • edited December 2018

    Got it...

  • > @darkcyber said:
    > Finally got r00t, if you stuck on root.txt, read this carefully
    >
    >
    > * make sure you know where is the full path of root.txt
    > * you can check with c_dk_y /list of course the Administrator is save the password in Credential manager
    > * Somehow type command doesn't return output when you combine with r__as command, so I hope you know how to redirect output to somewhere with the full path of file you want to read, and where you want to store.
    > * You just need 2 options /u__r of course, and /sa__c__d
    >
    > I hope it help
    >
    > anyway thanks @clmtn @Beggy @brohlm

    Got root. Thanks, I can't believe that I was stuck because of the path...
  • @Rainerd said:
    @darkcyber
    I have used said account, but it's not an admin?

    yes that is not admin, get user.txt first with thus account, then privesc to got root.txt

  • Hey,
    Been working on privescing for some time now, I think I'm close but I get syntax errors for r**** which I do not understand. Could someone give me a hand please?

  • @Urmine said:
    Hey,
    Been working on privescing for some time now, I think I'm close but I get syntax errors for r**** which I do not understand. Could someone give me a hand please?

    read the manual

Sign In to comment.