Querier

Rooted, pm if you need help.

===disregard===

someone pls PM me, I got the creds but they just straight up refuse to work, what am I doing wrong?

Edit: figured it out, don’t forget to try out some different options

@trigger said:
Rooted, pm if you need help.

Hey, I am stuck on root. .finally i got a shell reverse, any help please?

Finally - own root

I got user (thanks IPSEC’s giddy), now working on root :slight_smile:

Im using reer -I tun0 and when im trying to get the nm hash i got nothing in re**er.
I think i just do stg bad.
Thanks for any help.

Hey guys! I am trying this box but i am having a hard time finding a valid username! i found the bin file and i’ve got a DB connection script which contains a usename and password, but i keep getting “Login failed for user ‘r********g’”. I’ve tried with TDS (which i usually use in mssql) and impacket but no luck :-/

Can someone PM please?
Thanks!

Can someone help with root? I’m trying to use PowerUp via the cmd shell with the ms***-svc user, but having some trouble understanding what to do to get it working right.

Can someone help me with user?
Impacket gives some errors :frowning:

Would be grateful for a small nudge for root. I think I’m 90% of the way there, got low priv reverse shell and created an account with local admin privs. Just cant seem to make the next leap. Thanks for any help provided. Anyone that needs a hand getting to this point, please feel free to PM me.

never mind

I have a SQL shell, but when i try ti use xp**_t** with Rer to grab NTLM hashes, but Rer returns errors!
Am i missing something ?

Anyone geting an error similar to this when connecting to SMB share with creds found in .xl**?
Using impacket tools both for Kali and WIN (commando VM)

ls
timestamp out of range for platform time_t

Great box! learned a lot!

Type your comment> @pentestjo said:

Anyone geting an error similar to this when connecting to SMB share with creds found in .xl**?
Using impacket tools both for Kali and WIN (commando VM)

ls
timestamp out of range for platform time_t

Use these creds to connect to M***L not smb!

Type your comment> @DaChef said:

Type your comment> @pentestjo said:

Anyone geting an error similar to this when connecting to SMB share with creds found in .xl**?
Using impacket tools both for Kali and WIN (commando VM)

ls
timestamp out of range for platform time_t

Use these creds to connect to M***L not smb!

Yes, that is what I did. I just was wondering about the error I saw, ended up being outdated tools. My thinking was to try and enum the SMB with an authenticated user. Still working on privesc after getting user.

Thanks!

This box! Banging my had against the wall all day. Got low priv shell with svc account, tried almost every win priv esc using powershell (Giddy, Mantis, Optimum, and Chatterbox). Tried EMP-PU to but nothing worked. Haven’t found any uncles. At this point would love to get any tip on/directions to reading materials for more relevant priv esc.

Thanks!

Rooted! Fun box,but had to guess a little bit for the first step. If anyone have any difficulty, feel free to PM :wink:

Just rooted! Big thnx to @D3vnull for the shell hint :slight_smile:

Hey guys ! Someone can give me hint ?
I got user.txt and a password to connect to the box but I don’t know how to get a shell I only got RCE and powershell looks blocked by antivirus…
I don’t know much about windows
Thanks