Querier

I’ve never been so angry and frustrated with a box. I’ve got reverse shell with the mc user, I used p**s to create a new admin account, and I can’t seem to sort out how to get to the flag.

If anyone has questions up to that point, I’ll do my best to answer despite my frustration.

*** Nevermind. I’m dumb. Big thanks to tehmoon for pointing out my stupid mistakes ***

removed

removed

hi guys can anyone give me pm about how to get the root …im feel to noob now at the end…i have get the pass and i connect in the 1st services r…t , there i own the c…e but i dont know what to do ? thank you

Update:
A great box i have learn a lot of things …very to get the user…
for root i was trying to connect but the box had some problems to get a connection, in the end i made it …
thanks for the guys they give me hint @tehmoon @phoenix2018

Type your comment> @ferreirasc said:

  • I would just like to say that one of the two is also my uncle … xD

let me guess you are the great cornholio ?

lol jk nice pic bro that brings back memories

Got user, got a reverse shell on the m**-**c account and using P****U* I can add an admin user but I’m unable to log in to them using any of the I******t tools. Also tried running custom commands through I*****-S******A**** but that’s not working out either. I looked at P*****r\U********d.x** but it didn’t look like there was anything there. Any nudges?

Hi.

Do i really need to crack what i got after using the G**** technique? Or i can use relay? But SMB relay signing is on, which prevents it. Am i on the right track? Thanks

Please can anyone help me with the box? I can’t understand how to use imet tool and met*****it module to grab user.txt. I have nv2 and valid creds for m***l service. Giddy box is a little different from this box, it was powershell service there. I don’t understand how to get shell at this box:( Any nudge via PM will be appreciated…

I have a meterpreter session and got user.txt. However i am hopelessly stuck on root. Any help appreciated (PM)

can someone help with the im** tool, i cant get it to register the username it always tries to connect via guest

@ARainchik said:
Got user, got a reverse shell on the m**-**c account and using P****U* I can add an admin user but I’m unable to log in to them using any of the I******t tools. Also tried running custom commands through I*****-S******A**** but that’s not working out either. I looked at P*****r\U********d.x** but it didn’t look like there was anything there. Any nudges?

Got root, looks like I needed to enumerate more. Gonna group this technique up with my other steps for future machines.

Rooted! Learned a lot about Windows.

Thanks for all the help especially in the priv esc part @toshiko and @treeno

can any one pm on how to priv?

@haimvak Super Mario Star Power Up - YouTube

For python purists or anyone attempting to pythonize this box using the common pypi project related to the DB, here’s a little note:

The API is not well documented and might lead you down a rabbit hole when going after user and getting a CONFIG error.

Each cursor object is an implicit transaction, and therefore is restricted to what commands can be run. This disallows you from ‘upgrading’ to exec. One hacky way around this is to specify your ‘upgrade commands’ in the conn_properties parameter of the connection object, which are treated as separate queries.

I don’t think any of that spoils anything, especially since most people are more likely to take the easier route. If the mods feel like it does feel free to bork my post.

I found the .x*** file, i have spent days on try to extract information on it! The file is empty! please help. PM me…

Type your comment> @darkchocolat said:

I found the .x*** file, i have spent days on try to extract information on it! The file is empty! please help. PM me…

Have you taken it for a walk?

After lots os struggling I managed to get User and Root. I laughed when I finally got the uncles joke.

I learned so much, but i wanted to quit like 10 times. Feel free to PM me.

Hi! Could someone PM me I need help for root.txt. I am stucck on privesc…

Type your comment> @Malone5923 said:

@garbo77 . String it up ?

I find .xlsm file but when i try to use more command to open it doesnt work and get command to transfer the file neither

Type your comment> @jagomezg said:

I found C*****.xl** file, is it a rabbit hole?

any idea how to open the file? more is not working