Heist

Type your comment> @L1vra said:

Type your comment> @StevenKennyIT said:

Quick question for anyone who has the time:

Am I meant to be able to successfully login/authenticate to the wm service using the hd account? Or, am I meant to do password guessing against the users obtained from l******d.py ? Any help is appreciated

To help you, there is a module on metasploit, which let you test usernames-passwords on the remote system to see if you can login. It also gives you the option to make a file of user-pass combinations and use it to test all of these and see what and how many combinations are correct.
PS: That module do not let you login , but finds the right combination

Thanks @L1vra and @icedmana. Rooted

Hi, I’ve found two passwords in the “file”. I think the username could be Hd, rr or a***n.

I tried with smbclient, I failed.
I tried witn WM, I failed.
I tried with lo
***d.py I failed.
I tried with Metasploit, I failed.

I tried many other tools but nothing worked. I can’t access the shares or connect to a service.

Don’t know what to do…

Type your comment> @kalagan76 said:

Hi, I’ve found two passwords in the “file”. I think the username could be Hd, rr or a***n.

I tried with smbclient, I failed.
I tried witn WM, I failed.
I tried with lo
***d.py I failed.
I tried with Metasploit, I failed.

I tried many other tools but nothing worked. I can’t access the shares or connect to a service.

Don’t know what to do…

You’ll need to do something with lo******d.py with what you have (play around with the information sets here, you need both a working cred including both username and password) to get more information. From there, try playing with the other service you are aware of. A useful github repo has been previously linked in this thread.

got root the unintended way it seems, quite annoyed though since it wasnt intended, anyone able to pop up and explain to me this “process way” ?

Edit: Solved nvm lol… overlooked that uncommon app since i thought it was nothing out of the ordinary…

I can connect to samba / rpc but cant with evil-winrm is it normal ?

Cracked secret 5 password. Have 3 users from con*** file, and few more from impacket script.
Do I have to crack/find more passwords in order to use that high port exploit? With the current credentials a receive invalid login.

Many thanks!

NVM: After I posted this, I got user in few minutes. Cracked more passwords from the con*** file.

Type your comment> @frazvan said:

NVM: After I posted this, I got user in few minutes. Cracked more passwords from the con*** file.

How in the ■■■■ can you crack “more” passwords from the c***** file considering there’s only 3 things to decrypt?

Can someone please tell me if my syntax is correct in order to use l*******d.py ?

./l*******d.py username:password@10.10.10.149

id password include things like ) i use:

./l*******d.py username:“password”@10.10.10.149

Do i need to provide the port number?

@kalagan76 said:

Can someone please tell me if my syntax is correct in order to use l*******d.py ?

./l*******d.py username:password@10.10.10.149

id password include things like ) i use:

./l*******d.py username:“password”@10.10.10.149

Do i need to provide the port number?

username:password should work fine, just tested and it indeed works for me.
You’re probably not using the right credentials

Type your comment> @kalagan76 said:

Type your comment> @frazvan said:

NVM: After I posted this, I got user in few minutes. Cracked more passwords from the con*** file.

How in the ■■■■ can you crack “more” passwords from the c***** file considering there’s only 3 things to decrypt?

At the time when I posted here, I only cracked one password from the c***** file, the secret 5 password.
After that, I cracked the other 2 passwords from the same file.

взял root.
интересная машинка.
информация которая предоставлена на форуме достаточно для получения root.
нужна помощь пишите.

took root.
interesting machine.
The information that is provided on the forum is enough to get root.
need help write.

Type your comment> @skiddyyy said:

I can connect to samba / rpc but cant with evil-winrm is it normal ?

yes, this specific machine had issues with a few different w**** tools… try the one thats written in ruby

Type your comment> @d3d said:

Type your comment> @skiddyyy said:

I can connect to samba / rpc but cant with evil-winrm is it normal ?

yes, this specific machine had issues with a few different w**** tools… try the one thats written in ruby

Already tried still doesnt work…

■■■■, so i have 3 passwords and 3 usernames. I am able to connect to the share with the credentials. I have tried using the ruby script and other w**** tools but keep getting authentication errors. I even tried using my windows vm to user more native w**** tools. Can someone push me towards the right direction! I would greatly appreciate it!

Type your comment> @Aidsko said:

■■■■, so i have 3 passwords and 3 usernames. I am able to connect to the share with the credentials. I have tried using the ruby script and other w**** tools but keep getting authentication errors. I even tried using my windows vm to user more native w**** tools. Can someone push me towards the right direction! I would greatly appreciate it!

Try metasploit module to check right combination of those creds :smile:

Currently working on root but seem to have hit a brick wall. I’m pretty certain I’ve figured out the correct application as the file I’m looking at has been mentioned several times in the forum, however I haven’t been able to decrypt it. Uploaded an application to get the password but it was ineffective as a master password seems to be in use.

A lot of the previous comments imply that the answer is much simpler than it might appear. Would really appreciate a nudge in the right direction. Heading to bed now - sorry if I don’t respond for a few hours.

Cheers.

usernames and 3 cracked passwrds from c***** file didn’t help authenticate neither ./l***d.py script nor msf w login module. Any help on how to get the correct username?

Update : Rooted! The root was so simple than user. Wasted a day for root complicating things…

Rooted

I NEED TO UNDERSTAND TWO THINGS:

  • Why the exploit didn’t work in metasploit or the other ruby scripts? if someone knows, please tell me.
  • From where the ■■■■ you got the username C**e? Has it been mentioned some whare in the website? if someone knows, please tell me.

The root flag was much more easier than user flag.

Ok so I have 3 password and 3 username which i got from the file they give you
I can connect to samba / rpc but i cant enumerate from this cause few rights
i tried the rb script and evil-winrm on both windows and linux machine
I tried to bruteforce username with the 3 password using the metasploit auxiliary tool
I obviously tried all the combinations between these username/password

Still doesnt work, im really stuck, I already tried all the options.

Stuck on root. Could someone give me a nudge? Like others said I’m missing the l****.***n file and cant see any other interesting processes.