Querier

I have a meterpreter session and got user.txt. However, I am hopelessly stuck on root. Any help appreciated (PM).

Can someone help with the im** tool? I can't get it to register the username; it always tries to connect via guest.

@ARainchik said:
Got user, got a reverse shell on the m**-**c account and using P****U* I can add an admin user but I’m unable to log in to them using any of the I******t tools. Also tried running custom commands through I*****-S******A**** but that’s not working out either. I looked at P*****r\U********d.x** but it didn’t look like there was anything there. Any nudges?

Got root, looks like I needed to enumerate more. Gonna group this technique up with my other steps for future machines.

Rooted! Learned a lot about Windows.

Thanks for all the help especially in the priv esc part @toshiko and @treeno

Can anyone PM me on how to priv?

@haimvak Super Mario Star Power Up - YouTube

For python purists or anyone attempting to pythonize this box using the common pypi project related to the DB, here’s a little note:

The API is not well documented and might lead you down a rabbit hole when going after user and getting a CONFIG error.

Each cursor object is an implicit transaction, and therefore is restricted to what commands can be run. This disallows you from ‘upgrading’ to exec. One hacky way around this is to specify your ‘upgrade commands’ in the conn_properties parameter of the connection object, which are treated as separate queries.

I don’t think any of that spoils anything, especially since most people are more likely to take the easier route. If the mods feel like it does feel free to bork my post.

I found the .x*** file, I have spent days trying to extract information from it! The file is empty! Please help. PM me…

@darkchocolat said:

I found the .x*** file, I have spent days trying to extract information from it! The file is empty! Please help. PM me…

Have you taken it for a walk?

After lots of struggling I managed to get User and Root. I laughed when I finally got the uncles joke.

I learned so much, but I wanted to quit like 10 times. Feel free to PM me.

Hi! Could someone PM me? I need help for root.txt. I am stuck on privesc…

@Malone5923 said:

@garbo77 . String it up ?

I found the .xlsm file, but when I try to use the more command to open it, it doesn't work, and the get command to transfer the file doesn't either.

@jagomezg said:

I found C*****.xl** file, is it a rabbit hole?

Any idea how to open the file? more is not working.

Any idea how to open the .xl… file? I use the more command and it does not work, and I also use get to transfer it, but that does not work either.

Having trouble with the ms****.py and im****t. Even though I downloaded the latest version, I still get some TLS error.

Can anyone help?

I would appreciate any hint or PM.
Thanks a lot

@dm7500 said:

So far, I’ve found the ‘r********’ user creds via the E**** macro file. It works as a windows login for SMB shares, but I’m kind of stuck beyond that. I’m trying to use the tools in I******t to enumerate or find something new, but no luck so far.

I’ve read up on the retired G**** box, so I get how to grab the N*** hash, but I don’t see a way to make the server connect back to my share, as I don’t see a place to S**i

Any hints as to the next step?

Same boat…

Amazing box, I learned a lot about Windows. Kudos to the creator!!

So far, I’ve found the ‘r********’ user creds via the E**** macro file. It works as a windows login for SMB shares, but I’m kind of stuck beyond that. I’m trying to use the tools in I******t to enumerate or find something new, but no luck so far.

I’ve read up on the retired G**** box, so I get how to grab the N*** hash, but I don’t see a way to make the server connect back to my share, as I don’t see a place to S**i

Any hints as to the next step?

@dm7500 said:

So far, I’ve found the ‘r********’ user creds via the E**** macro file. It works as a windows login for SMB shares, but I’m kind of stuck beyond that. I’m trying to use the tools in I******t to enumerate or find something new, but no luck so far.

I’ve read up on the retired G**** box, so I get how to grab the N*** hash, but I don’t see a way to make the server connect back to my share, as I don’t see a place to S**i

Any hints as to the next step?

Same boat…

Took me over 2 weeks to get root. Loved this box, really good learning experience in a Windows environment. More Windows boxes like this please. Kudos to the creator and thanks to @ARainchik for direction.