Bastion

Can anyone help me with the initial enumeration? Found the ports, and the services running. I tried looking into s** but i am just stuck. I have looked into creating n*** sessions but I am not sure where I am going wrong.

what do i do when im in desktop ?? sorry for stupid question :pensive:

Need a nudge for root.

Know what the exploit is but for some reason cannot get it to work.

Thanks.

I’m getting a “MAC check failed” when I use the python script.
Any help?

help with mount it seems that everything is asking 4 password…and yes my VT-D is on.

i found what i need and mount it
by the end of the day its all about your CLI input :slight_smile:

Type your comment> @TimmyTheOG said:

I’m getting a “MAC check failed” when I use the python script.
Any help?

I have this same problem.

Type your comment> @osmus said:

Type your comment> @TimmyTheOG said:

I’m getting a “MAC check failed” when I use the python script.
Any help?

I have this same problem.

I ended up using the portable version to get around this issue.

Rooted!

I have Mounted the vhd backup file now I don’t know what should i do !!!

Enjoyable user and root, got stuck on user for a good while before I caught my dumb mistake :slight_smile:

Good evening everyone. First box and I’m stuck trying to mount the VHD file. I’ve haven’t been able to find a tool that works and even tried doing 7a or 7z for it. Tried guestmount but i’m not able to get the syntax right because after I enter the IP I’m lost. Any advice would be greatly helpful.

Thank you in advance for your time.

Hi all! I got user, and stuck on admin. Many people said, that to get admin priv i needs to enum installed programs. So, i found few. But they aren`t vulnerable. Next, i read more comments here, and understand, that i need to write something, what using .NET. Am i right, or not?
And thank all of the forum members, you are breathtaking :wink:
P.S.: Sorry for my English :frowning:

Newermind, just got a root. :slight_smile:
Some tips:
USER: nmap, look at ports, not_eternalblue, some mounting, googling, and enumeration of windows system
ROOT: it is so simple, but u can overthink it. look at some programs, google it, get admin!
Thank you @L4mpje for realistic and interesting task :slight_smile:

.

Rooted. Pretty fun box, the path to victory seems relatively clear throughout, but I sure did scratch my head more than once!
Ping me if you need a nudge in the right direction.

Nice one. I’ve wasted a lot of time to search in wrong directions, but learned a lot there. If you are struggling with root, being a linux not windows person like me, don’t try to find a windows sudo-like command. There’s an easier way.

Enjoyed this as my first Windows-based HTB target. I spent more time learning how to interact with Windows files on Linux than anything else, haha!

Rooted! Very nice box, it was my first windows box and I am beginner so learned few new tricks! Thanks L4mpje !
All via kali and terminal, no need to download vdi, no need to boot windows VM.
Had to scratch my head for root, but at last I found out that i was looking at the right place but too deeply…

Few tips:

User: Enumerate everything and try everything. No need for windows VMs or downloads. If trouble checking files remotely - google is your friend. You will get right page with instruction in first 5-10 results. After then - regular Windows enumeration

Root: Enumerate, look at apps. Dont think too much (just a bit) on HOW but focus more on WHERE. Do not need to copy any files locally, just get the small py tool and put what you found there, you will get an answer.

Was a pleasure!

@dajukeboxhero said:
Good evening everyone. First box and I’m stuck trying to mount the VHD file. I’ve haven’t been able to find a tool that works and even tried doing 7a or 7z for it. Tried guestmount but i’m not able to get the syntax right because after I enter the IP I’m lost. Any advice would be greatly helpful.

Thank you in advance for your time.

You are at the right place, google it - in first 5-10 pages there will be your answer with good syntax.