Heist

Rooted Finally :slight_smile: Thank you @paulieh and @odinshell respect has been given!

Could anyone give me a nudge on user.I have 3 passwords and 2 users, but they don’t work.

ROOOTED!!!

AND I REALLY ENJOYED IT!! Thanks to the maker!

In somehow windows machine are always different and there is always something new to learn, this one has been pretty fast but I needed to learn new tools and ■■■■… so cool!

few hints:

user: if you have 3 passwd but nothing fit inside, there is an impacket tool

root: i don’t know if i have been lucky but I noticed some processes i usually see on real machines but not on htb , the first attempt gave me everything very clearly, 1 tool is needed

If you get stucked PM for any hint

Rooted. Thank you @naveen1729 for your help and of course thank you @MinatoTW for a great box.

For root

  • Enumerating the home directory including hidden files is always important.
  • Don’t stick to Chaos too much.

why can i only find two users and passwords?

Finally rooted!
don’t know why pyhton module doesn’t work correctly… i’ve lost a day!

Type your comment> @rootoor said:

why can i only find two users and passwords?

There is third one also on the same page you have to do deep analysis…
And also think creatively…

Type your comment> @Sameasname said:

Type your comment> @D4nch3n said:

So I’ve gotten 3 usernames and 3 passwords but still cannot connect to high port…do we need more?

I had same issue but was nudged to look at lo******d from impacket

Could I please get a nudge here? I’ve tried using this but just getting errors :confused:

Edit: Nevermind, just had to think it through, I’m a scrub.

Rooted… Really fun box, very straight forward. PM for a nudge.

Find Where they ?

Few tips!
Overall: Dont think too much. Google alot. Basic enumeration is the key :slight_smile: Basic commands enough!
User: Creds are in front of you, read carefully. I wasn’t, so lost a lot of precious time searching the most obvious. Later do the ■■■■ and enum services. Remember it’s a Windows box.
Root: Look what you got, and google for what are you looking for! Remember simplicity, don’t be ultimateHax00r :slight_smile: Basic commands enough once again. I lost a lot of time trying to do it in “haxx00r” style haha :smiley:

Nice and easy box. Thank you @MinatoTW for the quick solve – I’ve enjoyed almost all of your boxes so far (except for Ghoul, I’m sorry :disappointed:)… This was a great way of introducing a Windows box to newer users with less environmental familiarity, so I applaud you for that.

Per usual, my hints:

user:

Standard web enumeration isn’t quite enough. Check out what other ports are open and enumerate a bit further. Once you’ve collected everything you need, you can use a common Windows protocol to get your shell. The previous comments in this thread should already be enough to figure out what I’m referring to here (though, I’ve heard some people on free servers have had a bit of trouble with it).

root:

Check what processes are running. There’s one in particular that’s interesting. Can you get anything from it? Maybe see what it can give you and go from there.

Stuck on cracking $1 pass, any hint?

Root owned.

I’m not sure what people meant by “weird processes running” or “look for output” but in my case what would have saved me some time is this piece advice: “If you find a password, make sure to try it everywhere !!”

Feel free to PM me for hints if you like, thanks to the creator for a fun machine.

What a wonderful machine :slight_smile:

For user: the password is right in front of you. You just need to find the username.

For root: look for what is running and extract its data.

The sha-256 seemed useless for me since it is unbreakable in a reasonable time, so I’m not sure why did someone mention it in here …

Type your comment> @Ryan412 said:

What a wonderful machine :slight_smile:

For user: the password is right in front of you. You just need to find the username.

For root: look for what is running and extract its data.

The sha-256 seemed useless for me since it is unbreakable in a reasonable time, so I’m not sure why did someone mention it in here …

The SHA-256 is merely a pointer… I wouldn’t bother trying to crack it. Look at the running processes on the machine instead.

.

Root was fun, finding user was a pain checking out all the credentials.

guys, need help for user, I’ve usernames and passwords but it won’t allow me to login on higher port.