• Trying to get into the SMB service. Tried all the tools and scripts mentioned in the last 14 pages, downloaded them from multiple places (GitHub, repos), no dice. Like others have said, anonymous login/null session doesn't seem viable. Am noob, mostly Linux experience. Windows hacking is another world to me. Hints would be greatly appreciated.

  • Kind of a n00b here so I could use a hint. I have a UN and PW for M***L from a certain file and I've tried D******R and M****L enumeration and X*********L and **C Enumeration and I'm getting nowhere after double digit hours on this box. Probably missing something simple to a proper admin.

  • Still stuck in the same spot. I have re*****g user and pass from the X**M file macro, but I can't use it to login on SL, SB, or anything I'm seeing. I feel like I need to enumerate more, but I'm not sure what else I haven't tried. Hints and tips appreciated

  • Just got a login into m***l. Now am trying to use x********e to get a connection back so I can capture the ntlm hash. I can't seem to crack the hash for m*******c user. Anyone I can pm?

  • Type your comment> @mrblue said:

    Just got a login into m***l. Now am trying to use x********e to get a connection back so I can capture the ntlm hash. I can't seem to crack the hash for m*******c user. Anyone I can pm?

    PM me with what program you've tried and what is the syntax, might be able to help :)

  • Ah! I thought that m******c user might be important! xdaem00n, can I PM as well?

  • Please, can anyone PM me ? I have a small problem with M***L part, especially when it comes to use a proper command to call home with some hash.

    Summa scientia, nihil scire.

  • Finally got user :)

    Summa scientia, nihil scire.

  • Alright, been stuck on privesc for several hours. Able to execute commands via XP, but honestly lost on where to go from there. Can't seem to establish a reverse shell of any kind.
  • Yes, this the same here. I am able to execute commands, but no reverse shell for me :(

    If someone PM hint, please.

    Summa scientia, nihil scire.

  • edited May 2019

    finally i got a shell reverse on M* ***. but i dont know how priv. any tips for me?
    i have root now. thanks PavelKCZ

  • Okay, finally found some shares. Only tool that worked for me out of the dozen I tried was a Metasploit script, which I'm trying to avoid due to the OSCP restrictions. Really interested in what everyone else used. Found Rep****, but still can't log in. I know this is probably ridiculously simple, but I'm stumped. Can I get a PM, please?

  • Finally - own root. Wow, nice box, it took me almost two days (with breaks and sleep of course).

    Summa scientia, nihil scire.

  • Thx to byth22 for hints about uploading. Also thx to daem00n for hint about reverse shell and thx to lattethunder for brainstorming :)

    And of course Big THX to box creators. I learned a lot about M***l and Powershell.

    Summa scientia, nihil scire.

  • At long last, I have SMB access. Had to reinstall smbclient from the Kali repos (I usually use Debian) and run the command a few times until it worked. Minor issues causing major headaches and all that jazz.

  • edited May 2019

    Hey, I am stuck on root. I am very new to windows prives plus I cant get any reverse shell, any help please? DM

    Edit: Got root , Great box learnt so many new things and thanks to @PavelKCZ for helping me getting to root.

  • Got root. Nice machine.

  • edited May 2019

    Spoiler Removed

  • Got root with hints from @mava, @DarkNight7, and a huge huge help from @PavelKCZ !!

    I never did get a root shell though. Would someone mind PMing me if they did with how they pulled that one off? Tried a few different things but none quite took. Ended up using a workaround to get the flag.
  • Need some assistance getting impacket to work. I have the creds. Or I think I do. PM me please. Id appreciate it.

  • FINALLY rooted. I guess I powered up a different way than a lot of people because I didn't come across any 'uncles'. Fun box with a lot of real world application!

  • Anyone can drop hints about establishing a reverse shell in this box from RCE? PMs are welcome

  • Rooted Dance - PM me if you need a nudge :)

  • Rooted, pm if you need help.

    Discord : secHaq#7121

  • edited May 2019


  • edited May 2019

    someone pls PM me, I got the creds but they just straight up refuse to work, what am I doing wrong?

    Edit: figured it out, don't forget to try out some different options

  • edited May 2019

    @trigger said:
    Rooted, pm if you need help.

    Hey, I am stuck on root. .finally i got a shell reverse, any help please?

    Finally - own root

  • edited May 2019

    I got user (thanks IPSEC's giddy), now working on root ^_^

  • edited May 2019

    Im using re*****er -I tun0 and when im trying to get the n**m hash i got nothing in re*****er.
    I think i just do stg bad.
    Thanks for any help.


  • edited May 2019

    Hey guys! I am trying this box but i am having a hard time finding a valid username! i found the bin file and i've got a DB connection script which contains a usename and password, but i keep getting "Login failed for user 'r********g'". I've tried with TDS (which i usually use in mssql) and impacket but no luck :-/

    Can someone PM please?

Sign In to comment.