Querier

@staz0t said:

I'm in the db. I'm trying to send a request to my server (re**r) so that I can fetch the Nv2.
But, my server is always excepting the error "Errno 104 Connection reset by peer"

Initially before using Im*****t to authenticate, I also tried me*******t modules. I was getting the same error. Can someone help me with this?

Update: The problem was with my machine and mis-configured server that was handling the request. It's solved.

Same problem here, how did you fix it?

Got root shell!
Awesome box, learned a lot about Windows enumeration & priv esc.
Also learned new tricks with I*****t and M-**L.
Thanks to @DarkNight2019 for some hints with initial shell.
Feel free to PM me if you need help with the box.

Having issues with reverse shell on this box. I am a Windows noob. Can anyone point me in the right direction? I have m**vc account and can run commands.

Please DM

root :slight_smile:
Thanks @N0ur5 and @cyberus for the tips.
@jayjay25 check inbox

What to do after getting the NT hash? I tried to crack it but was unsuccessful. Do we have to use that hash to log in to some other service or do something more with the MS*** queries?
Please DM for any hints.
Thanks

@xdaem00n said:

root :slight_smile:
Thanks @N0ur5 and @cyberus for the tips.
@jayjay25 check inbox

My pleasure :slight_smile: @xdaem00n

Finally got root flag on this one. Have not managed to get shell and still going to try.

Huge thanks to @DarkNight2019 @cyberus and @N0ur5

Really enjoyed this one and I have learned a lot about Windows priv esc.

Trying to get into the SMB service. Tried all the tools and scripts mentioned in the last 14 pages, downloaded them from multiple places (GitHub, repos), no dice. Like others have said, anonymous login/null session doesn't seem viable. Am noob, mostly Linux experience. Windows hacking is another world to me. Hints would be greatly appreciated.

Kind of a n00b here so I could use a hint. I have a UN and PW for ML from a certain file and I've tried DR and ML enumeration and X********L and **C Enumeration and I'm getting nowhere after double digit hours on this box. Probably missing something simple to a proper admin.

Still stuck in the same spot. I have re***g user and pass from the XM file macro, but I can't use it to login on SL, SB, or anything I'm seeing. I feel like I need to enumerate more, but I'm not sure what else I haven't tried. Hints and tips appreciated

Just got a login into ml. Now am trying to use x*****e to get a connection back so I can capture the ntlm hash. I can't seem to crack the hash for m*******c user. Anyone I can pm?

@mrblue said:

Just got a login into ml. Now am trying to use x*****e to get a connection back so I can capture the ntlm hash. I can't seem to crack the hash for m*******c user. Anyone I can pm?

PM me with what program you've tried and what is the syntax, might be able to help :slight_smile:

Ah! I thought that m******c user might be important! xdaem00n, can I PM as well?

Please, can anyone PM me? I have a small problem with M***L part, especially when it comes to using a proper command to call home with some hash.

Finally got user :slight_smile:

Alright, been stuck on privesc for several hours. Able to execute commands via XP, but honestly lost on where to go from there. Can't seem to establish a reverse shell of any kind.

Yes, this is the same here. I am able to execute commands, but no reverse shell for me :frowning:

If someone can PM a hint, please.

Finally I got a reverse shell on M* ***, but I don't know how priv. Any tips for me?
Edit:
I have root now. Thanks PavelKCZ

Okay, finally found some shares. Only tool that worked for me out of the dozen I tried was a Metasploit script, which I'm trying to avoid due to the OSCP restrictions. Really interested in what everyone else used. Found Rep****, but still can't log in. I know this is probably ridiculously simple, but I'm stumped. Can I get a PM, please?

Finally - own root. Wow, nice box, it took me almost two days (with breaks and sleep of course).