Heist

Finally got root… It is a great box learned a lot about windows priv esc…

@ last :smiley:

@MinatoTW Great box mate! Really enjoyed user. Root took me a bit but got there in the end. Good practice for me, not strong when it comes to windows.

Got Root - woot, woot. Great box! Enumeration REALLY is key. Enumerate all the things.

Thanks guys @hoodedfigure and @chucksnjoes !

Spoiler Removed

Stuck on my way to root. any nudge would be appreciated if any one could pm me.

Type your comment> @Chahle said:

Stuck on my way to root. any nudge would be appreciated if any one could pm me.

Same here.

Are we suppose to reverse this sha? or is this a rabbit hole… on root

Type your comment> @Dreadless said:

Type your comment> @Chahle said:

Stuck on my way to root. any nudge would be appreciated if any one could pm me.

Same here.

Have a look at the running processes. Something sticks out… maybe it leaves things on disk or maybe you can get something out of it another way.

Type your comment> @44616c79 said:

Type your comment> @Dreadless said:

Type your comment> @Chahle said:

Stuck on my way to root. any nudge would be appreciated if any one could pm me.

Same here.

Have a look at the running processes. Something sticks out… maybe it leaves things on disk or maybe you can get something out of it another way.

I’ve tried looking for running processes but I don’t have permission to? unless I am doing it incorrectly. I am on as C***e should i be on as another user?

You can’t list running processes?

Rooted!
Great box :smile:
PM for hints

Type your comment> @44616c79 said:

You can’t list running processes?

hmmm… turns out I can list processes. Perhaps I was having a “I can’t type” moment

Rooted !

Interesting box :).

PM if needed

Type your comment> @Dreadless said:

Type your comment> @44616c79 said:

You can’t list running processes?

hmmm… turns out I can list processes. Perhaps I was having a “I can’t type” moment

I kept doing the Linux enumeration… some of the commands don’t directly port over to Windows. :smiley:

Rooted, it’s a nice box, good enumeration practice for Windows.

Lots of hints already in this discussion thread. For user, there’s one level of indirection to get another user using a well known method for enumerating users on a well known port. For root, look at what’s running, which user is running it, then look for data.

PM for hints.

Hi :slight_smile: if is some “bruteforce” for login to a service , a small wordlist with u****me is ok ? Overwise Is very long

Type your comment> @christrc said:

Hi :slight_smile: if is some “bruteforce” for login to a service , a small wordlist with u****me is ok ? Overwise Is very long

you don’t have to bruteforce anything

Problem with username … seems not working … (works in s**) but not in a service in a higher port :confused: