Access

USER:
To get the user the main advice is to be aware of the output of the commands you make. If your files are corrupt (100%) it is because you do not pay attention to the commands’ warnings.
ROOT:
Look all the users directories, u will find a interesting command that u need to use. Obtain a shell and download the file that u need. Thats all.
GOOD LUCK

It’s my first box which I try. Found f** got m** and A*****.z** via b***** mode, so they dont get corrupted. Found some credentials inside m**, but they don’t seem to work.
Can I DM someone to get a little hint and see if the credentials are the correct one?

Props to @egre55 for this box. Embarrassed to admit how much time I spent down the wrong rabbit hole. As frustrating as that was, I think I learned so much more because of it. Fantastic box.

If someone who really understands this box would DM me I would love to ask a couple of questions to clarify some things.

Hi all!

I’ve gotten user.txt but kinda stuck at running the magical command to read the root.txt.

The posts in here has been extremely helpful (so is SS…) but I am not sure if the way I have arrange the options using that magical command is correct.

Would anyone be available to help nudge me in the correct direction?

Thank you. =)

So grabbed the A*****.z** and M** files. Went back an have tried redownloading them using the b***** setting, but fcrackzip using rockyou is failing to find the password for the Z** file. Is there something else I’m missing?

Type your comment> @Retsurai said:

So grabbed the A*****.z** and M** files. Went back an have tried redownloading them using the b***** setting, but fcrackzip using rockyou is failing to find the password for the Z** file. Is there something else I’m missing?

Go through the M files. It’s painful but you will find what you need.

Type your comment> @pingunrchable said:

Type your comment> @Retsurai said:

So grabbed the A*****.z** and M** files. Went back an have tried redownloading them using the b***** setting, but fcrackzip using rockyou is failing to find the password for the Z** file. Is there something else I’m missing?

Go through the M files. It’s painful but you will find what you need.

Haha, thanks a ton. Took about 20 seconds to find the password. Not sure why it didn’t occur to me to just take a look in the M**

Type your comment> @Retsurai said:

Type your comment> @pingunrchable said:

Type your comment> @Retsurai said:

So grabbed the A*****.z** and M** files. Went back an have tried redownloading them using the b***** setting, but fcrackzip using rockyou is failing to find the password for the Z** file. Is there something else I’m missing?

Go through the M files. It’s painful but you will find what you need.

Haha, thanks a ton. Took about 20 seconds to find the password. Not sure why it didn’t occur to me to just take a look in the M**

No problem! =)

My HTB first challenge. I scanned nmap. I’ve tried h… ports M… at metasploit. But could not challege. What i mistakes. Can you help me ?

After posting a scream for help yesterday, I’ve figured out where in the command I have got wrong and finally got root.txt!

Alot of thorough reading of MS documentation and experimentation has gone into breaking into my first box!

Overall good experience in the CLI side of Windows which I would have never touch or known about.

PM me if you require some nudging. =)

got the access to sec**** account . now how to do priv esc

rooted, if need help, pm me

Having trouble with the r**** command, would appreciate a nudge in the right direction.

Type your comment> @darkvampire said:

USER:
To get the user the main advice is to be aware of the output of the commands you make. If your files are corrupt (100%) it is because you do not pay attention to the commands’ warnings.
ROOT:
Look all the users directories, u will find a interesting command that u need to use. Obtain a shell and download the file that u need. Thats all.
GOOD LUCK

Completely stuck on root… is anyone willing to help?

I’ve given up on this… I’ve read countless forums, documents, and anything else I can find to help. Including here. I just can’t grasp the concept and will no longer waste my time.

Hey, everyone. This is my first box and I could really use some guidance. I was able to get user, but am running into some weird issues with getting root. Sometimes, I can use the proper syntax to get an elevated prompt. From there, I can navigate to the root flag and change permissions and all that. I can’t read the file, and I’m working through figuring that out, but it’s very hard to make any progress across box resets. It seems that every so often, my privesc command won’t allow me access when I am positive that I know it works. I can reset this box myself and my commands will work every other time or so. Is this supposed to happen? Tell me if I’m missing some crucial information. Thanks!

Wow, I finally managed to get the root flag. You have to keep messing around with r**** until you get the correct way to do it. Also, focus on t****t, and ask yourself why you don’t get any output, and figure out a way to read the output somehow.

This is a frustrating machine, but once you get the root flag, it feels great hehe. I learned a lot about windows with it, great job to the one who created it.

For those who need a hint with privilege escalation, on the desktop of a user is a file that gives you a hint. Maybe with your own file instead?

I rooted the box by using r**** and giving myself the necessary tools to do the job (if you know what I mean). If you got the privesc with a different method, PM me!