Heist

13468917

Comments

  • Find Where they ?

  • Few tips!
    Overall: Dont think too much. Google alot. Basic enumeration is the key :) Basic commands enough!
    User: Creds are in front of you, read carefully. I wasn't, so lost a lot of precious time searching the most obvious. Later do the shit and enum services. Remember it's a Windows box.
    Root: Look what you got, and google for what are you looking for! Remember simplicity, don't be ultimateHax00r :) Basic commands enough once again. I lost a lot of time trying to do it in "haxx00r" style haha :D

  • edited August 16

    Nice and easy box. Thank you @MinatoTW for the quick solve -- I've enjoyed almost all of your boxes so far (except for Ghoul, I'm sorry :disappointed:)... This was a great way of introducing a Windows box to newer users with less environmental familiarity, so I applaud you for that.

    Per usual, my hints:

    user:

    Standard web enumeration isn't quite enough. Check out what other ports are open and enumerate a bit further. Once you've collected everything you need, you can use a common Windows protocol to get your shell. The previous comments in this thread should already be enough to figure out what I'm referring to here (though, I've heard some people on free servers have had a bit of trouble with it).

    root:

    Check what processes are running. There's one in particular that's interesting. Can you get anything from it? Maybe see what it can give you and go from there.


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Stuck on cracking $1 pass, any hint?

  • Root owned.


    OSCP | PMP

  • I'm not sure what people meant by "weird processes running" or "look for output" but in my case what would have saved me some time is this piece advice: "If you find a password, make sure to try it everywhere !!"

    Feel free to PM me for hints if you like, thanks to the creator for a fun machine.
  • What a wonderful machine :)

    For user: the password is right in front of you. You just need to find the username.

    For root: look for what is running and extract its data.

    The sha-256 seemed useless for me since it is unbreakable in a reasonable time, so I'm not sure why did someone mention it in here ...

    Hack The Box

    OSCP | GPEN | CREST CRT | eCPPTv2 | GWAPT | CREST CPSA | ACE

  • edited August 16

    Type your comment> @Ryan412 said:

    What a wonderful machine :)

    For user: the password is right in front of you. You just need to find the username.

    For root: look for what is running and extract its data.

    The sha-256 seemed useless for me since it is unbreakable in a reasonable time, so I'm not sure why did someone mention it in here ...

    The SHA-256 is merely a pointer... I wouldn't bother trying to crack it. Look at the running processes on the machine instead.


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • edited August 16

    .

    Hack The Box

    OSCP | GPEN | CREST CRT | eCPPTv2 | GWAPT | CREST CPSA | ACE

  • Root was fun, finding user was a pain checking out all the credentials.

    Arrexel

  • guys, need help for user, I've usernames and passwords but it won't allow me to login on higher port.

    n1k3

  • My first own on both user and root!

    User: This is the real struggle. Just dont give up, you are probably closer than you think.
    Root: I may have done root wrong. It was too easy.

  • You are in the right path, but maybe you have to find the user who matches the passwords. @nospace

  • Watch the processes that will help you later. ;) @badman89

  • edited August 16

    Spoiler Removed

  • AklAkl
    edited August 17

    Rooted , that was a good box.

    Learned a lot about Power Shell. The below will help in searching all files to get something useful.

    Get-ChildItem -Path (Your Path) -Recurse -File | Select-String (Keyword)

  • Rooted! Nice box.
    User is all about enumeration.
    Root is straightforward.

    Hints in the current thread are sufficient to get you both.

  • Type your comment> @D4nch3n said:

    for root, is the k*. file a rabbit hole? There doesn't seem to be a l****.**** file to go with it...

    I have the same problem, only found the k**.b file, did not find the l***.*n file, how to get the information I need?

  • Rooted, great box, pen-testing basics only

    User: enumerate, crack, harvest, test your loot, find the missing pieces, all clues are there and here in the thread

    Root: 10 minutes if you enumerate, nothing fancy

    Happy to help if you tell me what you've already got and are NOT asking a question that's already answered in here :)

    If I help you out, drop a respect, two clicks to say thanks, link below.

    https://www.hackthebox.eu/home/users/profile/121966

  • Rooted
    downloaded 4xx mb of file just for the pw
    but it was fun!

  • Rooted, great box.
    Thanks @Akl for that:
    "Get-ChildItem -Path (Your Path) -Recurse -File | Select-String (Keyword)"
    Feel free to PM if stack.

  • I seem to have a ruby issue any one know how to fix

    /usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb:39: warning: constant OpenSSL::Cipher::Cipher is deprecated
    /usr/lib/ruby/vendor_ruby/net/ntlm/client/session.rb:128: warning: constant OpenSSL::Cipher::Cipher is deprecated

    cant seem to use either ruby script

    have 3 cleartexts and 4 users but am stuck by this

    CurioCT

  • I've had user for a week.. not sure what I'm looking for.. It might because of the shell i have, but my user doesnt have permissions to see running processes. looked in the both program file folders, nothing stands out. Can someone nudge me in the right direction.

  • Just rooted. Not sure what everyone meant by looking for a unique process.... I found an encrypted password somewhere that just needed to be decrypted...

    phase

  • For user:
    Does getting the right username requires guessing? I found 4 usernames and 3 passwords, tried all the combinations and none worked. (on the higher port)
    I'm trying to do a username brute force for now.

  • Type your comment> @0x000c0ded said:

    For user:
    Does getting the right username requires guessing? I found 4 usernames and 3 passwords, tried all the combinations and none worked. (on the higher port)
    I'm trying to do a username brute force for now.

    Check out a particular script from impacket that could help enumerate usernames.....
    lo******d.p*

    phase

  • edited August 18
    Thank you @Phase ! I'll check that out, I'm pretty weak when it comes to windows enumeration, trying to learn :'P
    Edit: that worked, thanks!
  • I have one account with wich I can login on the two services now. Do I need more credentials to continue?

  • edited August 18

    Can someone give me hint about privilege escalation?
    I found the browser process... (only thing that stands out tbh) looked inside place where it stores data. However didnt find anything useful here except of few empty databases.

    Is that browser process used to gain root? Did i miss something inside the place where it stores data?

    PS. Some people are trolling this machine, few hours ago the data storage directory had changed permissions, so noone else could access it with user privileges.

  • Ok, HUGE hint.

    You don't need to do anything with processes, do the same thing you did for user.

    If I help you out, drop a respect, two clicks to say thanks, link below.

    https://www.hackthebox.eu/home/users/profile/121966

Sign In to comment.