Querier

1101113151618

Comments

  • I like this box!!!
    Learned a lot from the creator)))!

  • Finally rooted this machine... it took me quite a while to figure out the root and the user.
    Most of the hints has already been mentioned in the thread, but here are some of my extra tips:

    1. Keep enumerating and you shall find something.
    2. It is easy to differentiate the rabbit hole by identifying common services that were being exploited and also enumerate them.
    3. Don't be blind like me, read every inch of the hints you found from the server, if you didn't find anything related to it, then read it carefully again.
    4. Impacket will be useful at this stage, once you found something, the hint of giddy will then make sense for you.
    5. Finally all the hints for priv esec is already discussed here, read them, and do take care about the escape character properly.

    Arrexel

  • need a nudge on the im******* script. i have run other scripts and successfully able to gather info from the server. the im***** for the DB, fails... Could someone provide a little assistance please.

    Demonseed74
    ccie|ccnp|ccdp|ccip

  • I'm able to execute system commands on behalf of ms*****vc user, but trying for 2 days to achieve reverse shell and nothing is working (Defender is killing my payload)... Please, any nudge on this?

    Razzty

  • Got shell. Now onto root! Big thanks to @NoPurposeInLfe !!

    Razzty

  • I am able to connect to S******* with r******** but I am unable to find a way forward that would allow xp******. I have tried several escalations but none have worked. I am a bit lost. Please DM any suggestions.

  • edited April 2019

    picked up user and root flags, still looking to get root shell.

    Demonseed74
    ccie|ccnp|ccdp|ccip

  • picked up user flag done ! getting shell :D ! but still not get r00t glag ! :(

  • edited April 2019

    r00t great box !! i liked !!!

  • Got User & Root, I like thix box ! more windows machine please :)

    PM if you need some help

  • I have found vba******.bin.

    With a tool of the p*****-oletools package I have found a Uid=r*******g and a Pwd.
    But I can not connect to mssql server...

    The Uid & Pwd is it a rabbit hole?

    What is the best tool to connect to the server? I use sqsh... ver basic.

    Thanks in advance for any hint!

  • Type your comment> @hacklife said:

    I have found vba******.bin.

    With a tool of the p*****-oletools package I have found a Uid=r*******g and a Pwd.
    But I can not connect to mssql server...

    The Uid & Pwd is it a rabbit hole?

    What is the best tool to connect to the server? I use sqsh... ver basic.

    Thanks in advance for any hint!

    You are on the good way search a good tools ;-)

  • Type your comment> @1c4re1337 said:

    Type your comment> @hacklife said:

    I have found vba******.bin.

    With a tool of the p*****-oletools package I have found a Uid=r*******g and a Pwd.
    But I can not connect to mssql server...

    The Uid & Pwd is it a rabbit hole?

    What is the best tool to connect to the server? I use sqsh... ver basic.

    Thanks in advance for any hint!

    You are on the good way search a good tools ;-)

    Thanks... I just used impacket... and the same problem: Login failed...

    I would appreciate any hint or PM :)

    Thank a lot

  • Thanks... I just used impacket... and the same problem: Login failed...

    I would appreciate any hint or PM :)

    Thank a lot

    Look the password ;)

  • Finally rooted !

    @dr0ctag0n many thanks for time spent to compare my Im...ket usage which was correct but didn't work in my case. I found a workaround later on. Also thank you for confirmation that I am on right path for root.
    If anybody needs help send a PM.

  • edited April 2019
    Struggling with the initial foothold. Both s** and m***l seem to be password protected. Am i going the right way?

    Update: Found some cu****** re****.xl**, am i even on the correct smb? LOL...feels weird.

    jattion

  • Type your comment> @jattion said:

    Struggling with the initial foothold. Both s** and m*l seem to be password protected. Am i going the right way?

    Update: Found some cu****** re****.xl
    , am i even on the correct smb? LOL...feels weird.

    You are and enumerate that file :)

  • edited April 2019

    Type your comment> @innocent said:

    Type your comment> @jattion said:

    Struggling with the initial foothold. Both s** and m*l seem to be password protected. Am i going the right way?

    Update: Found some cu****** re****.xl
    , am i even on the correct smb? LOL...feels weird.

    You are and enumerate that file :)

    Yup i found it...what a way to hide the creds. Almost thought i downloaded the wrong thing when i opened to a blank sp****sh***. :)

    jattion

  • edited April 2019
    Any help on getting root? I have access to ms*** using im****** and using xp_c*****ll to execute p****s**ll commands keeps resulting me getting block by an anti-virus. Uploading scripts to s** service also results in access denied error message. Am i doing this wrong? Sorry this is my first windows machine so any help is appreciated. :) Forgot to mention that i have already captured the hashes as shown in gi*** and have access to ms***-**c

    Update: Rooted the box. Pm meet if you all need any assistance! I wii try my best to help.

    jattion

  • Type your comment> @ZeroPath said:

    I need a nudge with priv esc. Im blank xd

    This is a OSCP machine. Great for trainning. I Love that. Don't do all with script. Try to understanding the core of concepts.

    n00bs1337

  • Type your comment> @techjohnny said:

    This was a fun box.

    Nice nostalgically themed box from a VERY famous 80s Nintendo game. The name of the box is a little curious.

    User: A little tricky special character needs to escape. Captured a hash and cracked with Hashcat, which I found to by 10x faster than JTR.

    Root: The methods mentioned are reliable for a reverse shell. The tricky part is the syntax of PS, was for me, but will have this method in my tool belt for future boxes.

    Which wordlist did you use?

  • Type your comment> @siryarbles said:

    I have a reverse shell using powershell but whenever I run any of my powershell enumeration scripts, Powershell-Mafia, Sherlock or JAWS I get no output. Could someone please PM me? I am not sure what I am doing wrong.

    this is basically what i'm facing also =(

  • Rooted! Happy to help, don't hesitate to PM!

  • Anyone around that can give me some advice on this box.

  • edited April 2019

    I've never been so angry and frustrated with a box. I've got reverse shell with the m***c user, I used p*****s to create a new admin account, and I can't seem to sort out how to get to the flag.

    If anyone has questions up to that point, I'll do my best to answer despite my frustration.

    *** Nevermind. I'm dumb. Big thanks to tehmoon for pointing out my stupid mistakes ***

  • edited April 2019

    removed

  • edited April 2019

    removed

  • edited April 2019

    hi guys can anyone give me pm about how to get the root ....im feel to noob now at the end...i have get the pass and i connect in the 1st services r.......t , there i own the c.....e but i dont know what to do ? thank you

    Update:
    A great box i have learn a lot of things ...very to get the user......
    for root i was trying to connect but the box had some problems to get a connection, in the end i made it ..
    thanks for the guys they give me hint @tehmoon @phoenix2018

  • Type your comment> @ferreirasc said:

    • I would just like to say that one of the two is also my uncle ... xD

    let me guess you are the great cornholio ?

    lol jk nice pic bro that brings back memories

  • edited April 2019

    Got user, got a reverse shell on the m**-**c account and using P****U* I can add an admin user but I'm unable to log in to them using any of the I******t tools. Also tried running custom commands through I*****-S******A**** but that's not working out either. I looked at P*****r\U********d.x** but it didn't look like there was anything there. Any nudges?

Sign In to comment.