Heist

1235717

Comments

  • Type your comment> @44616c79 said:

    Type your comment> @Dreadless said:

    Type your comment> @Chahle said:

    Stuck on my way to root. any nudge would be appreciated if any one could pm me.

    Same here.

    Have a look at the running processes. Something sticks out... maybe it leaves things on disk or maybe you can get something out of it another way.

    I've tried looking for running processes but I don't have permission to? unless I am doing it incorrectly. I am on as C***e should i be on as another user?

    Hack The Box

  • You can't list running processes?

    DAAAALY

    If you send a message for help, tell me what you've done or you won't get a reply.

  • Rooted!
    Great box :smile:
    PM for hints

  • Type your comment> @44616c79 said:

    You can't list running processes?

    hmmm.... turns out I can list processes. Perhaps I was having a "I can't type" moment

    Hack The Box

  • Rooted !

    Interesting box :).

    PM if needed

  • Type your comment> @Dreadless said:

    Type your comment> @44616c79 said:

    You can't list running processes?

    hmmm.... turns out I can list processes. Perhaps I was having a "I can't type" moment

    I kept doing the Linux enumeration... some of the commands don't directly port over to Windows. :-D

    DAAAALY

    If you send a message for help, tell me what you've done or you won't get a reply.

  • Rooted, it's a nice box, good enumeration practice for Windows.

    Lots of hints already in this discussion thread. For user, there's one level of indirection to get another user using a well known method for enumerating users on a well known port. For root, look at what's running, which user is running it, then look for data.

    PM for hints.

  • Hi :-) if is some "bruteforce" for login to a service , a small wordlist with u****me is ok ? Overwise Is very long

  • Type your comment> @christrc said:
    > Hi :-) if is some "bruteforce" for login to a service , a small wordlist with u****me is ok ? Overwise Is very long

    you don't have to bruteforce anything
  • Problem with username .. seems not working ... (works in s**) but not in a service in a higher port :/

  • Finally Rooted :tongue: @MinatoTW A good box, for me it was a new approach on the Root PrivEsc. However, it was fun.

  • 3 usernames and passwords that don't work anywhere is this to throw you off?

  • edited August 15

    Hints for user:

    • Creds aren't useless
    • The hash is not a rabbit hole
    • You need to find more than 3 users
    • Check that ruby code posted before

    Going for root now

    Edit: Hints for root:

    • Weird things running on the machine
    • There's some nice loot within those weird things

    Tohzzicklao

  • Type your comment> @juggydancesqd said:

    3 usernames and passwords that don't work anywhere is this to throw you off?

    Careful saying they "don't work anywhere"...


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Thanks for the help everyone I was able to root this box. Props to @V1s3r1on , @gexus , @zkvo , @0x6a666c6a72 , and @sazouki for making my 1st windows box on HTB a success. I went to your HTB profiles and gave you all respect. Thanks again

  • Got user, thanks @Silv3rDawg23

  • Rooted. Pretty much all you need has already been said in this discussion. Feel free to PM me if you are pulling your hair out xD

  • Rooted.

    If you need a nudge in the right direction, feel free to PM me.

    b1gbroth3r

  • Guys, I've set of username apart from initial 3 and passwords, but when i try all combinations it won't work! Can any1 help me??

    n1k3

  • for root, is the k*. file a rabbit hole? There doesn't seem to be a l****.**** file to go with it...

  • Rooted. If anyone wants a nudge, shoot me a PM

  • Rooted Finally :) Thank you @paulieh and @odinshell respect has been given!

    Hack The Box

  • Could anyone give me a nudge on user.I have 3 passwords and 2 users, but they don't work.

  • ROOOTED!!!

    AND I REALLY ENJOYED IT!! Thanks to the maker!

    In somehow windows machine are always different and there is always something new to learn, this one has been pretty fast but I needed to learn new tools and damn.. so cool!

    few hints:

    user: if you have 3 passwd but nothing fit inside, there is an impacket tool

    root: i don't know if i have been lucky but I noticed some processes i usually see on real machines but not on htb , the first attempt gave me everything very clearly, 1 tool is needed

    If you get stucked PM for any hint

    Hack The Box

  • Rooted. Thank you @naveen1729 for your help and of course thank you @MinatoTW for a great box.

    For root

    • Enumerating the home directory including hidden files is always important.
    • Don't stick to Chaos too much.
  • why can i only find two users and passwords?

  • Finally rooted!
    don't know why pyhton module doesn't work correctly... i've lost a day!

    See Ya!
    0xdebe

  • Type your comment> @rootoor said:

    why can i only find two users and passwords?

    There is third one also on the same page you have to do deep analysis...
    And also think creatively...

  • edited August 16

    Type your comment> @Sameasname said:

    Type your comment> @D4nch3n said:

    So I've gotten 3 usernames and 3 passwords but still cannot connect to high port....do we need more?

    I had same issue but was nudged to look at lo******d from impacket

    Could I please get a nudge here? I've tried using this but just getting errors :/

    Edit: Nevermind, just had to think it through, I'm a scrub.

  • edited August 16

    Rooted... Really fun box, very straight forward. PM for a nudge.

    Arrexel

Sign In to comment.