USER: It’s easy if you know to use a specific related to Windows registry.
ROOT: It’s easy when you have already discovered that stuff, but meanwhile you can break your brain until you do it. The biggest hint I can give is, forget about tracking the registry files because you won’t find anything relevant and you could waste a lot of time looking at those files from ■■■■.
I read through most of this thread when I was stuck getting the user’s password and saw a lot of people mentioning just getting the S*M file and brute force cracking the password hash. That seemed a bit weird to me, as it could take a very long time (I tried normal password lists and got nothing) and I assumed this is probably not what the creator intended us to do. So I did a bit more digging and found the user’s password somewhere else, that did not require a dictionary or brute force attack. I won’t spoil anything, but just wanted to post this in case other people are bored of trying to just brute force crack an NTLM hash like I was.
Rooted and User-ed! 1st HTB box down! Can do the whole thing in Kali Linux, and a great many of you are on the right track - have been using this thread to see if I was going off on a tangent.
USER complete, been working on ROOT now for 2 days. I see the m******** app but the only thing I can find to exploit the monster is MSFCONSOLE. This being said, rev shell is not giving feedback unless I am on a normal s** session. I have googled ways to achieve what m******* gives you but the only thing I can find is darned msf. Any assistance to do this without msf would be fabulously appreciated! Thanks all!
Rooted in Kali. I would advise to try and use a Linux machine only, to practice mounting. That’s the hint for the user.
As for root, check the programs installed and then Google it.
I can confirm that you can root this box without a Windows VM (unless you don’t use Windows at all). I used Kali and then my fully patched Windows 10 desktop and that was all.
Hi all.
This was my first box and it took a while but I gained user/root eventually. Just wanted to say thanks to everyone in this discussion. I needed a little nudge to pull me out of the rabbit hole when it came to gaining root.
Alright, day 4 of privesc and I am really missing the nail here lol. I am lost on how to utilize the .py apps to dump the hashes out of r*****n and at this point I’m not really learning. If anyone could please PM me a hint as to whether or not I need to move in a diff direction or if I’m on target and just need to try harder!
Thanks!
Can anyone help me with the initial enumeration? Found the ports, and the services running. I tried looking into s** but I am just stuck. I have looked into creating n*** sessions but I am not sure where I am going wrong.