Querier

Thanks to @mcruz and @peek I have secured the two uncles. Feeling a little stupid though as I can’t seem to figure out to make that one last step and get that elevated shell in spite of having the Admin Creds. :frowning:

@sportsfreak Impacket has a tool for that. Thanks to @1NC39T10N for giving me a hint on that one.

Update: Got the root flag. Will definitely try to see if I can spawn a shell with Admin privileges.
EDIT: Well got a root shell too using Im*****t, Guess that will be it for Querier. Wonderful box. Learned a ton.

Thanks @mrh4sh and @egre55 for the box.

Thanks @mcruz , @peek and @Malone5923 for the hints…

Though I have found the creds from the hash, I have no idea what the username is. I tried using Res****** as in the Giddy Up video, but I can’t get that to work, and Im****** tools doesn’t give me a user :anguished:

Wait. Nevermind. I was just retarded.

Type your comment> @sportsfreak said:

Update: Got the root flag. Will definitely try to see if I can spawn a shell with Admin privileges.
EDIT: Well got a root shell too using Im*****t, Guess that will be it for Querier. Wonderful box. Learned a ton.

Thanks @mrh4sh and @egre55 for the box.

Thanks @mcruz , @peek and @Malone5923 for the hints…

You are welcome

A subtle hint for root.

Can someone please PM me on how they did file transfers on this box? I have the m****-s** account, but I have no idea how to go from s** and file transfer to the actual server. I’ve tried p*sh, ftp, etc… Hints please!

can someone pm me how to find cred file what you guys mention, I tried many tools for smb port but nothing be shared

If your payloads for root aren’t working, this could be why: This script contains malicious content and has been blocked by your antivirus software.

Also, x*_c******* repeatedly gets disabled on its own after enabling. I assume for the same reason as above.

Still trying to get root… I have a feeling a facepalm will be in my future…

ignore

Got root.txt. This is one of the best machines in HTB. I learned a lot in Windows world. Thats my weakness. WIth Giddy and this machine. I learned a lot in windows.

Thanks for makers for your time and effore @mrh4sh and @egre55

Thanks for @1NC39T10N @Malone5923 and @LegendarySpork for hints and help during this machine.

PM me for hint or nudge.

deleted

You kids and your fancy modern technology for getting root. I just looked.

I have root, thanks a lot, if you need help, PM me.

Hi …
I got into SQL … trying to get a shell using x**l and nis …Getting a syntax error …Can anyone help me …Please pm …thanks

I have command execution using X**l

EDIT :- NVM …Got user shell!!

Type your comment> @sillydaddy said:

Hi …
I got into SQL … trying to get a shell using x**l and nis …Getting a syntax error …Can anyone help me …Please pm …thanks

I have command execution using X**l

Did you enable it first?

Type your comment> @mcruz said:

Type your comment> @sillydaddy said:

Hi …
I got into SQL … trying to get a shell using x**l and nis …Getting a syntax error …Can anyone help me …Please pm …thanks

I have command execution using X**l

Did you enable it first?

try help !

ok, stupid question … have another user with admin and his password (since i created him), how do i switch to him in cmd or ps, everything hangs on me :frowning:

Type your comment> @ntroot said:

ok, stupid question … have another user with admin and his password (since i created him), how do i switch to him in cmd or ps, everything hangs on me :frowning:

I’m having the exact same problem… let me know if you make progress

At last got root flag …

Would love to know how to get a root shell … Tried creating new credentials in power shell with two uncles and start-process to get a reverse shell