Querier

11213141517

Comments

  • Type your comment> @fbarrsmith said:

    Type your comment> @j0c0d3r said:

    Type your comment> @fbarrsmith said:

    Rooted, ignore my previous comment, it's a false path to victory that does not work. Pro tip for people trying to privesc, make sure you have the latest version of whatever tool you are trying to use to privesc or enumerate privesc details from, older versions may not show as much.

    No, it's not a false path to victory bro :D

    Anyone stuck, PM me to help ;) <3

    So you were able to log in as that admin user? Please tell me how via pm haha

    PM sent

  • edited June 2019

    Currently have user.txt. Have a reverse shell from using my own s** share to deliver payloads. I have been working on priv esc for quite awhile now. If someone could PM me some hints on what to do. I have found a couple of the scripts being mentioned here but am having trouble getting passed the execution policy and AV.

    EDIT: Figured out priv esc. It was quite easy actually one I found it. Fun box!

  • Finally rooted, I wasted too much time on powershell but finally got it.
    PM me if you need any help,
    Cheers.

    StephenJR

  • Hi all. I would really appreciate it if someone could message me with the initial foothold? I believe I found a password in the .v** file. but i need to connect to SQL i believe.

    Cheers

    If someone was helpful, don't forget to give +1 Respect.
    Arrexel

  • edited May 2019

    Spoiler Removed

    zweeden

  • edited May 2019

    I NEED HELP AND A KALI LINUX MASTER!

    I'm using Gi**y method (I got credentials to run it) both from Im*****t and from the Framework, it says "Successfully executed x*_d*****e", but I cannot receive anything on my server.

    So I noticed someone else got my same problem and solved it .. Basically every server I run (Framework server , Res*****r, Im*****t) get 104 connession reset by peer and some python error about sa**a server as soon I run x*_d*****e , someone shared the same code error saying is "misconfigured server handling the request".

    How can I fix it? (Hope is just a dumb thing, or maybe I'm just missing something)
    PM me

    Hack The Box

  • Type your comment> @HEXE said:
    > I NEED HELP AND A KALI LINUX MASTER!
    >
    > I'm using Gi**y method (I got credentials to run it) both from Im*****t and from the Framework, it says "Successfully executed x*_d*****e", but I cannot receive anything on my server.
    >
    > So I noticed someone else got my same problem and solved it .. Basically every server I run (Framework server , Res*****r, Im*****t) get 104 connession reset by peer and some python error about sa**a server as soon I run x*_d*****e , someone shared the same code error saying is "misconfigured server handling the request".
    >
    > How can I fix it? (Hope is just a dumb thing, or maybe I'm just missing something)
    > PM me

    pm me
  • edited May 2019

    I've pretty much got root, but every time I use r***s.exe it asks for the password and immediately skips past back to command prompt. I have the password but can't currently see a way to enter it. Anyone else have this issue?

    Edit: Nevermind, solved my problem. Box rooted.

    mogyub

  • This was a nice box to work . Kudos to the creators!

    Hack The Box

  • Ended up getting root after fighting with janky shells and struggling writing content to files. Feel free to PM me for help! Overall was a pretty fun box for one of my first windows machines :)

    zweeden

  • I feel like I'm stuck at really end of privesc. How can I switch user. Please PM me.

  • edited June 2019

    Edit: Nevermind, I got it. Now going for root.

    tiger5tyle

  • Hint for people doing this box: If you find the useful script, make sure you're using the newest version. Had a couple people ask me about their problem and it turned out to be an out of date script.

    mogyub

  • got User.txt

    the problem about errno 104 connession reset by peer can be fixed, looking for new or different Re*****r releases , I wasted so much time on it.

    PM if you faced the same issue ;)

    Hack The Box

  • got problem with using admin credentials, any nudge pls

  • Such a fun challenge learned a bit. Root was relatively easy. PM for nudges.

    Silv3rDawg23

  • Finally!

    got user.txt, reverse shell and root.txt :relieved:

    The forum tips were great. Many things learned.

    Feel free pm me for nudge

    Arrexel

  • Totally lost regarding logging into the M...L
    Found credentials quite quickly for user r.......
    I tried using im....t's client to connect, now I know I have to escape \ but that doesn't seem to work. What am I missing?

    Can someone please PM to give me a nudge?

  • Type your comment> @l33tnoob said:
    > Totally lost regarding logging into the M...L
    > Found credentials quite quickly for user r.......
    > I tried using im....t's client to connect, now I know I have to escape \ but that doesn't seem to work. What am I missing?
    >
    > Can someone please PM to give me a nudge?

    Pm me....
  • Anyone who needs any help. PM me, wouldnt mind helping at all

  • edited June 2019

    Get User .
    Help plz with any hint how to privEsc ? have netcat revers shell

    PM please

  • edited June 2019

    hint ?

  • Can anyone give me some guidance privately on how they got a proper shell on this machine? Keep hitting walls.

  • I have a user shell going on and am trying to execute P*******w or P*****P, but keep getting errors that the scripts are not allowed to run because they contain ampersands (&) or something. No idea how to fix this. Any hints on how to do this?
  • If anyone is still stuck and needs help, feel free to PM for a nudge

    Silv3rDawg23

  • edited June 2019

    ROOOTED!

    the user part has been great! But an old version of the tool made me waste weeks to do a crucial step. Fortunately fixed a week ago

    root : basically 99% of the time has been wasted trying to get an user shell to enumerate properly the machine.. AV will make the life hard, at least for me. Once you get a stable shell, running the right enum script you will get root.txt in 5 min.

    THX @mrh4sh and @egre55 one of my favorite box!

    PM me if you need help

    Hack The Box

  • Rooted thanks to @HEXE and @Silv3rDawg23.
    PM me for help, while it is fresh.

  • So after a handful of hours I got user and root. Overall, great box. Pretty realistic too.
    Most of the issues along the way were syntax related to various tools, and issues with I******* were... Bountiful.
    Another frustrating thing that happened to me is my hashcat on my Kali vm is busted, but after giving jtr the right stuff cracking someone's hash was pretty easy and quick

    I spent way too much trying to get a root shell when the root.txt was easily available going about the same direction as getting the first file needed to really kick things off.

    My advice is:
    1. As usual, enumeration is key. If you don't poke around you won't find what you need
    2. Don't over complicate things. In all honesty, this box is really easy. If you've done PWK labs, this box should feel right at home with the lower tier boxes
    3. If you don't get output or results you expect, take a look at all the options or switches you're using
    4. A particular "Defense" mechanism built into the OS isn't really going to be as big of a deal as you probably think it is

    If you were able to get a root shell, hit me up. I've got a method that I KNOW should be working, as I've used it on engagements in the past

  • edited June 2019

    Man this machine beat me up.

    Learned a ton.

    There are tons of hints in thread already but if anyone is needs a little nudge let me know where you are and I'll do my best.

    Also huge thanks to @EnDeRuCn for the help.

  • edited June 2019
    Can I get a nudge in the right direction? I am trying to get a reverse shell going but keep getting blocked by the av. I already got user flag by using the x*_*******l command in SQL. I already got the m****-**c account cracked. Unless theres another way to get root without a shell.

    Edit:Got reverse shell on m****-**c account. Now onto root. Any pointers?
Sign In to comment.