HelpLine

can anyone pm me with what to do with the very long string in creds?

What a nice machine! Congrats @egre55 :slight_smile:

Thanks to @CHUCHO @FlameOfIgnis and @jkr for all your help.

PM for hints if you need some.

Apparently I’ve gone a couple miles down the unintended path. I don’t see any way forward that doesn’t involve targeted hash cracking. There are enough hints for that to be viable, I’d think, but it hasn’t gotten me anywhere. Maybe I overlooked something in the mountains of mimikatz documentation. I dropped a forensics lib to read the raw flags. I was hoping to get the metadata, but it only returned the contents. I think that should count, since I technically have the flags.

I saw where @egre55 was doing some things with calc.exe, so I’m wondering if a custom exploit is intended, though I don’t see how it could help me now. I guess I’ll go back to the users, since they each seem to have a purpose. I would like to know if the remoteaccess site is involved. A couple open ports make me think it might be, but I haven’t seen anything else to support it. Alright this stream of consciousness has gone on long enough. good talk

Totally stuck as NT auth shell. tried all kinds of mimikatz trick, not getting anything. Have some idea as to whats going on , E*S .Always lacking one/two component to decrypt something crucial to decrypting the next step/cred/cert…, any hints?? Its fun running all kinds of tools on this machine though

Hello
I need help,
on the website i have succeeded the privilege escalation, what do i have to do now?

Stuck after decrypting a****-p***.xml. I was able to read that file, which results in a very long string. Someone suggested using PSCrl / SeS*g . Been having trouble using the content of that file to do anything. Anyone know the syntax? pm, thx

rooted…■■■■, I learned a lot about powershell-fu…

I was afraid of this box because it is red. And after start I had hard time on the most step in spite of all hints. But after rooting I say that it is real box with real-case situations.
It is very stable and it allows get additional hints from the result of work of other hackers.

And that is why it defenitely is worth the force and the time.

I found creds for two users, but can’t found way for change users, could somebody help me PM

A week later, finally rooted. Thank you to @tabacci and @Ripc0rd for the help. Helpful tips:

Know Powershell. Understand commands and what you can use to leverage your way into getting root.txt.

Rooted and got user! Holy ■■■■ I’m sure I didn’t do this the intended way because I f***ed this box HARD to get that to work. Hahaha. Okay, time to reset before anyone notices.

Could use some help for escalating to leo. I know what I need to do, but I am facing some difficulty.

I have administrator hashes, can pass the hash with psexec but I cannot read the root.txt or user.txt. I see the XML file but having problems decoding it. I am on the file system looking for something to get/do. I would appreciate a hint int he right direction.

Congrats to @egre55. Solid box. I haven’t solved it yet, but I am determined to! Currently stuck after getting read access to the xml file. Probably should find a way to make that information useful, but I have run through all my ideas and need to seek guidance on where to go next.

Totally stuck with getting normal login done. Cannot find a way in this box. I know it sounds weird, but I think I know where to go, but do not know how.

If anyone can help me with reading flags, please PM. I’m able to login with two different users, but cannot read certain files. Any help is appreciated!

rooted but stuck with user.txt. any nudges?

I cannot read user nor root any of accounts. Any nudge would be good

I’m still trying to wrap my head around why psexecing as Administrator still shows i’m NT AUTH/SYS after running whoami

Stuck at LFI… Is the user named Ls Ro a hint? I found a PoC from Pedro R**o but I cannot make it to work.