I’m a bit stuck for root. I’ve checked the installed programs as per the hints here, but I can’t seem to figure out what to use. I’ve been looking at *R*NG and *PS-*in64 but I’m not sure.
Could someone give a nudge? Thanks!
you’re on the right track, do your research about that program now
@MLGhacks i had the exact same problem yesterday for hours, and i figured out (for me) it was because i was running NAT on my kali. IDK why but when i went home i randomly switched to bridged and it worked perfect everything was up to speed and could finally go forward, maybe try that
How im supposed to get the root key? Someone could give me a hint please? I have found the 64 and the N*e, searched some things but i cant apply any of them lol
@noobsaibot81 said: @xdaem00n Hello, I have mounted the unit .vhd what should I look for ?
Greetings
Should be enough clues in this thread to give you an idea about which files you should look for.
I disagree tbh. The ‘clues’ in this topic are still vague. ‘Important directories’ could be everything on a Windows machine: the registry, C:/Users, C:/Program Files, C:/AppData, etc.
I’ve spent hours looking at all folders on the image but still haven’t got the slightest clue of where to look…
User Hint: Explore common windows sec handling. You do not have to download the vhd!
Root Hint: Enum the software, look for odd programs and see what you can use against it
@noobsaibot81 said: @xdaem00n Hello, I have mounted the unit .vhd what should I look for ?
Greetings
Should be enough clues in this thread to give you an idea about which files you should look for.
I disagree tbh. The ‘clues’ in this topic are still vague. ‘Important directories’ could be everything on a Windows machine: the registry, C:/Users, C:/Program Files, C:/AppData, etc.
I’ve spent hours looking at all folders on the image but still haven’t got the slightest clue of where to look…
We’ve even discussed a tool that may or may not have had an issue (it doesn’t if you use the correct flag) which should be a fairly big hint as to what files have been obtained to get info from
If you’re really struggling then PM me and I’ll help you further but I don’t really want to say on here because it’s difficult to do that without spoiling it for others.
For user password, try to google some basic methods of extracting NTLM hashes from Windows registry. This is not specific for this box, those things are basic knowledge for pentesting.
Got root, that was a fun box, thanks @L4mpje ! More realistic than most of the ones recently. It took learning a couple of tools, but everything is easily researchable. There are plenty of hints in this forum to get both user and root. Don’t overthink!
That was fun, Thanks to @Cybeernoob who confirmed I was on the right path.
MODS - Feel free to edit this if its too spoiler-y…
If you do have to go to a Windows VM be careful of the OS, I could not get the final step to work under W10, but as soon as I moved to a W7 VM the same steps worked first time.
Re Windows VM versus Linux / which Windows version etc:
In cases like this, I use socat to forward only the relevant port(s) from Kali to a Windows box. So I can use Kali tools in parallel, for investigating other stuff while using Windows tools only when absolutely needed.
Windows 10 worked fine for me for ‘reading the large file’.
@hxmo said:
Any idea why i cant download the large file? keeps cutting me off at around 400MB of the file because of an error ? (using kali, not windowS)
You dont have to download the vhd image. On linux you can first mount the SMB share and then locally mount the image file in the SMB share.