Bastion

Rooted, all in linux… very nice box don`t get many windows boxes so it’s good to play with one

rooted without any using of windows machine, all in kali :slight_smile:
pm me if you need help .
Arrexel

Still not owned but as a newbie this article helped me a lot:

please, let me know if it is considered as a spoiler and i (admin?) will remove it.

Had a lot of fun with this today, completed all with Kali, learning loads on the way!

Type your comment> @M4t35Z said:

User: enumeration, Who is the uncle of USA?
Root: more enumeration just for 1 thing

Feel free to PM me if u stuck. (:

Ahaha…nice one about User. I’ve got the file but i’m struggling with J***, h*****t, etc…

please help with rooting. I have file. Don’t know how to crack it. why do i need windows for that if the scripts are python or ruby?

Type your comment> @kalagan76 said:

Ahaha…nice one about User. I’ve got the file but i’m struggling with J***, h*****t, etc…
Yeah I am encountering the same problem. Has anyone got any tips on how to deal with this?

Edit: I did it! Thanks to @kalagan76 for helping me with john the ripper for the user.

Juste found user password. The command with j*** is actually pretty simple.

Rooted! My first Windows machine and the first one i did without help (except the forum). I really like it, that was a great machine. I don’t get why a lot of people needed a Windows VM. I did everything under Kali and nothing was really difficult. I’m a newbie but you can PM me if you need help.

test

Got root using only Kali. Except maybe the mount, I think nothing would have been harder than with a windows VM. Thanks @Kucharskov for user and @bing0o for the exploit for root. One hint regarding this one : it needs to be up to date.

Stuck on this box. Located and can connect to 2 shares remotely but not sure how to progress. Hints would be appreciate in DM. Thanks.

Rooted. Learned a lot, especially getting the regular user. Root barely took any time on Linux, no Windows. You can find a python script that helps with the final step if you search for github on “appname_decrypt.py”.

Rooted, but only because this forum gave me the hint which program to check out for the PrivEsc. How would you even figure something like that out on your own? Do you just look at all the programs that are installed and then google around to see if they’re vulnerable? Or are there automated processes to find these things?

Also, @0xNoOne is an absolute saint for writing that script.

Hi Guys,I could get the user.txt
But ı couldn’t crack the S*M file with john .I just could able to do it online via hashkiller.If someone can crack via John,please send me a PM.I really wonder what is my mistake.

Thanks

Got it. If you want to help. Feel free to PM.

Rooted! Thanks to everybody some hints in the post was the only thing needed to get me out the rabbit hole ;-D

Getting user… must I download 5GB .vhd ? So sad

Type your comment> @sayanthanpera said:

Getting user… must I download 5GB .vhd ? So sad

Just mount it dude. There’s a note on the share that even mentions that.

Type your comment> @hva said:

Type your comment> @sayanthanpera said:

Getting user… must I download 5GB .vhd ? So sad

Just mount it dude. There’s a note on the share that even mentions that.

Thanks dude