Querier


Comments

  • Hi.

    Do I really need to crack what I got after using the G**** technique? Or can I use relay? But SMB relay signing is on, which prevents it. Am I on the right track? Thanks

  • Please can anyone help me with the box? I can't understand how to use im****et tool and met*****it module to grab user.txt. I have n****v2 and valid creds for m***l service. Giddy box is a little different from this box, it was powershell service there. I don't understand how to get shell at this box:( Any nudge via PM will be appreciated..

  • I have a meterpreter session and got user.txt. However, I am hopelessly stuck on root. Any help appreciated (PM)

  • Can someone help with the im** tool? I can't get it to register the username; it always tries to connect via guest.

  • @ARainchik said:
    Got user, got a reverse shell on the m**-**c account and using P****U* I can add an admin user but I'm unable to log in to them using any of the I******t tools. Also tried running custom commands through I*****-S******A**** but that's not working out either. I looked at P*****r\U********d.x** but it didn't look like there was anything there. Any nudges?

    Got root, looks like I needed to enumerate more. Gonna group this technique up with my other steps for future machines.

  • Rooted! Learned a lot about Windows.

    Thanks for all the help especially in the priv esc part @toshiko and @treeno

  • Can anyone PM on how to priv?

  • @haimvak

    For python purists or anyone attempting to pythonize this box using the common pypi project related to the DB, here's a little note:

    The API is not well documented and might lead you down a rabbit hole when going after user and getting a CONFIG error.

    Each cursor object is an implicit transaction, and therefore is restricted to what commands can be run. This disallows you from 'upgrading' to exec. One hacky way around this is to specify your 'upgrade commands' in the conn_properties parameter of the connection object, which are treated as separate queries.

    I don't think any of that spoils anything, especially since most people are more likely to take the easier route. If the mods feel like it does, feel free to bork my post.

  • edited April 2019

    I found the .x*** file, I have spent days trying to extract information from it! The file is empty! Please help. PM me..

  • @darkchocolat said:

    I found the .x*** file, I have spent days trying to extract information from it! The file is empty! Please help. PM me..

    Have you taken it for a walk?

  • After lots of struggling I managed to get User and Root. I laughed when I finally got the uncles joke.

    I learned so much, but I wanted to quit like 10 times. Feel free to PM me.

  • Hi! Could someone PM me? I need help for root.txt. I am stuck on privesc...

  • @Malone5923 said:

    @garbo77 . String it up 😉

    I found the .xlsm file, but when I try to use the more command to open it, it doesn't work, and the get command to transfer the file doesn't either.

  • @jagomezg said:

    I found C*****.xl** file, is it a rabbit hole?

    Any idea how to open the file? more is not working

  • Any idea how to open the .xl.. file? I use the more command and it does not work, and I also use get to transfer it but that does not work either.

  • Having trouble with the ms****.py and im****t. Even though I downloaded the latest version, I still get some TLS error.

    Can anyone help?

    Hack The Box
    -OSCP-

  • edited April 2019

    I would appreciate any hint or PM
    Thanks a lot

    @dm7500 said:

    So far, I've found the 'r********' user creds via the E**** macro file. It works as a windows login for SMB shares, but I'm kind of stuck beyond that. I'm trying to use the tools in I******t to enumerate or find something new, but no luck so far.

    I've read up on the retired G**** box, so I get how to grab the N*** hash, but I don't see a way to make the server connect back to my share, as I don't see a place to S**i

    Any hints as to the next step?

    Same boat...

  • Amazing box, I learned a lot about Windows. Kudos to the creator!!

  • So far, I've found the 'r********' user creds via the E**** macro file. It works as a windows login for SMB shares, but I'm kind of stuck beyond that. I'm trying to use the tools in I******t to enumerate or find something new, but no luck so far.

    I've read up on the retired G**** box, so I get how to grab the N*** hash, but I don't see a way to make the server connect back to my share, as I don't see a place to S**i

    Any hints as to the next step?

  • @dm7500 said:

    So far, I've found the 'r********' user creds via the E**** macro file. It works as a windows login for SMB shares, but I'm kind of stuck beyond that. I'm trying to use the tools in I******t to enumerate or find something new, but no luck so far.

    I've read up on the retired G**** box, so I get how to grab the N*** hash, but I don't see a way to make the server connect back to my share, as I don't see a place to S**i

    Any hints as to the next step?

    Same boat...

  • edited April 2019

    Took me over 2 weeks to get root. Loved this box, really good learning experience in a windows environment. More windows boxes like this please. Kudos to the creator and thanks to @ARainchik for direction.

    hexiburner

  • What a good box! I learned a lot from this box :+1: PM me if you need help

  • @staz0t said:

    I'm in the db. I'm trying to send a request to my server (re*****r) so that i can fetch the N***v2.
    But, my server is always excepting the error "Errno 104 Connection reset by peer"

    Initially before using Im*****t to authenticate, I also tried me*******t modules. I was getting the same error. Can someone help me with this?

    Update: The problem was with my machine and mis-configured server that was handling the request. It's solved.

    Same problem here, how did you fix it?

    Hack The Box

  • Got root shell!
    Awesome box, learned a lot about Windows enumeration & priv esc.
    Also learned new tricks with I******t and M*-**L.
    Thanks to @DarkNight2019 for some hints with initial shell.
    Feel free to PM me if you need help with the box.

  • Having issues with reverse shell on this box. I am a Windows noob. Can anyone point me in the right direction? I have m**vc account and can run commands.

    Please DM

  • root :)
    Thanks @N0ur5 and @cyberus for the tips.
    @jayjay25 check inbox

    v1ew-s0urce.flv

  • What to do after getting the NT hash? I tried to crack it but was unsuccessful. Do we have to use that hash to log in to some other service or do something more with the MS*** queries?
    Please DM for any hints.
    Thanks

  • edited May 2019

    @xdaem00n said:

    root :)
    Thanks @N0ur5 and @cyberus for the tips.
    @jayjay25 check inbox

    My pleasure :) @xdaem00n

  • Finally got root flag on this one. Have not managed to get shell and still going to try.

    huge thanks to @DarkNight2019 @cyberus and @N0ur5

    Really enjoyed this one and I have learned a lot about the windows priv esc.
