Heist

Type your comment> @Chahle said:

Stuck on my way to root. any nudge would be appreciated if any one could pm me.

Same here.

Are we suppose to reverse this sha? or is this a rabbit hole… on root

Type your comment> @Dreadless said:

Type your comment> @Chahle said:

Stuck on my way to root. any nudge would be appreciated if any one could pm me.

Same here.

Have a look at the running processes. Something sticks out… maybe it leaves things on disk or maybe you can get something out of it another way.

Type your comment> @44616c79 said:

Type your comment> @Dreadless said:

Type your comment> @Chahle said:

Stuck on my way to root. any nudge would be appreciated if any one could pm me.

Same here.

Have a look at the running processes. Something sticks out… maybe it leaves things on disk or maybe you can get something out of it another way.

I’ve tried looking for running processes but I don’t have permission to? unless I am doing it incorrectly. I am on as C***e should i be on as another user?

You can’t list running processes?

Rooted!
Great box :smile:
PM for hints

Type your comment> @44616c79 said:

You can’t list running processes?

hmmm… turns out I can list processes. Perhaps I was having a “I can’t type” moment

Rooted !

Interesting box :).

PM if needed

Type your comment> @Dreadless said:

Type your comment> @44616c79 said:

You can’t list running processes?

hmmm… turns out I can list processes. Perhaps I was having a “I can’t type” moment

I kept doing the Linux enumeration… some of the commands don’t directly port over to Windows. :smiley:

Rooted, it’s a nice box, good enumeration practice for Windows.

Lots of hints already in this discussion thread. For user, there’s one level of indirection to get another user using a well known method for enumerating users on a well known port. For root, look at what’s running, which user is running it, then look for data.

PM for hints.

Hi :slight_smile: if is some “bruteforce” for login to a service , a small wordlist with u****me is ok ? Overwise Is very long

Type your comment> @christrc said:

Hi :slight_smile: if is some “bruteforce” for login to a service , a small wordlist with u****me is ok ? Overwise Is very long

you don’t have to bruteforce anything

Problem with username … seems not working … (works in s**) but not in a service in a higher port :confused:

Finally Rooted :tongue: @MinatoTW A good box, for me it was a new approach on the Root PrivEsc. However, it was fun.

3 usernames and passwords that don’t work anywhere is this to throw you off?

Hints for user:

  • Creds aren’t useless
  • The hash is not a rabbit hole
  • You need to find more than 3 users
  • Check that ruby code posted before

Going for root now

Edit: Hints for root:

  • Weird things running on the machine
  • There’s some nice loot within those weird things

Type your comment> @juggydancesqd said:

3 usernames and passwords that don’t work anywhere is this to throw you off?

Careful saying they “don’t work anywhere”…

Thanks for the help everyone I was able to root this box. Props to @V1s3r1on , @gexus , @zkvo , @0x6a666c6a72 , and @sazouki for making my 1st windows box on HTB a success. I went to your HTB profiles and gave you all respect. Thanks again

Got user, thanks @Silv3rDawg23

Rooted. Pretty much all you need has already been said in this discussion. Feel free to PM me if you are pulling your hair out xD