Bastion

Alright, day 4 of privesc and I am really missing the nail here lol. I am lost on how to utilize the .py apps to dump the hashes out of r*****n and at this point Im not really learning. If anyone could please PM me a hint as to whether or not I need to move in a diff direction or if Im on target and just need to try harder!
THanks!

Rooted. I used Kali and and my host Windows machine.

If anyone needs a hint let me know.

Can anyone help me with the initial enumeration? Found the ports, and the services running. I tried looking into s** but i am just stuck. I have looked into creating n*** sessions but I am not sure where I am going wrong.

what do i do when im in desktop ?? sorry for stupid question :pensive:

Need a nudge for root.

Know what the exploit is but for some reason cannot get it to work.

Thanks.

I’m getting a “MAC check failed” when I use the python script.
Any help?

help with mount it seems that everything is asking 4 password…and yes my VT-D is on.

i found what i need and mount it
by the end of the day its all about your CLI input :slight_smile:

Type your comment> @TimmyTheOG said:

I’m getting a “MAC check failed” when I use the python script.
Any help?

I have this same problem.

Type your comment> @osmus said:

Type your comment> @TimmyTheOG said:

I’m getting a “MAC check failed” when I use the python script.
Any help?

I have this same problem.

I ended up using the portable version to get around this issue.

Rooted!

I have Mounted the vhd backup file now I don’t know what should i do !!!

Enjoyable user and root, got stuck on user for a good while before I caught my dumb mistake :slight_smile:

Good evening everyone. First box and I’m stuck trying to mount the VHD file. I’ve haven’t been able to find a tool that works and even tried doing 7a or 7z for it. Tried guestmount but i’m not able to get the syntax right because after I enter the IP I’m lost. Any advice would be greatly helpful.

Thank you in advance for your time.

Hi all! I got user, and stuck on admin. Many people said, that to get admin priv i needs to enum installed programs. So, i found few. But they aren`t vulnerable. Next, i read more comments here, and understand, that i need to write something, what using .NET. Am i right, or not?
And thank all of the forum members, you are breathtaking :wink:
P.S.: Sorry for my English :frowning:

Newermind, just got a root. :slight_smile:
Some tips:
USER: nmap, look at ports, not_eternalblue, some mounting, googling, and enumeration of windows system
ROOT: it is so simple, but u can overthink it. look at some programs, google it, get admin!
Thank you @L4mpje for realistic and interesting task :slight_smile:

.

Rooted. Pretty fun box, the path to victory seems relatively clear throughout, but I sure did scratch my head more than once!
Ping me if you need a nudge in the right direction.

Nice one. I’ve wasted a lot of time to search in wrong directions, but learned a lot there. If you are struggling with root, being a linux not windows person like me, don’t try to find a windows sudo-like command. There’s an easier way.

Enjoyed this as my first Windows-based HTB target. I spent more time learning how to interact with Windows files on Linux than anything else, haha!