Heist

Type your comment> @kalagan76 said:

Type your comment> @frazvan said:

NVM: After I posted this, I got user in few minutes. Cracked more passwords from the con*** file.

How in the ■■■■ can you crack “more” passwords from the c***** file considering there’s only 3 things to decrypt?

At the time when I posted here, I only cracked one password from the c***** file, the secret 5 password.
After that, I cracked the other 2 passwords from the same file.

взял root.
интересная машинка.
информация которая предоставлена на форуме достаточно для получения root.
нужна помощь пишите.

took root.
interesting machine.
The information that is provided on the forum is enough to get root.
need help write.

Type your comment> @skiddyyy said:

I can connect to samba / rpc but cant with evil-winrm is it normal ?

yes, this specific machine had issues with a few different w**** tools… try the one thats written in ruby

Type your comment> @d3d said:

Type your comment> @skiddyyy said:

I can connect to samba / rpc but cant with evil-winrm is it normal ?

yes, this specific machine had issues with a few different w**** tools… try the one thats written in ruby

Already tried still doesnt work…

■■■■, so i have 3 passwords and 3 usernames. I am able to connect to the share with the credentials. I have tried using the ruby script and other w**** tools but keep getting authentication errors. I even tried using my windows vm to user more native w**** tools. Can someone push me towards the right direction! I would greatly appreciate it!

Type your comment> @Aidsko said:

■■■■, so i have 3 passwords and 3 usernames. I am able to connect to the share with the credentials. I have tried using the ruby script and other w**** tools but keep getting authentication errors. I even tried using my windows vm to user more native w**** tools. Can someone push me towards the right direction! I would greatly appreciate it!

Try metasploit module to check right combination of those creds :smile:

Currently working on root but seem to have hit a brick wall. I’m pretty certain I’ve figured out the correct application as the file I’m looking at has been mentioned several times in the forum, however I haven’t been able to decrypt it. Uploaded an application to get the password but it was ineffective as a master password seems to be in use.

A lot of the previous comments imply that the answer is much simpler than it might appear. Would really appreciate a nudge in the right direction. Heading to bed now - sorry if I don’t respond for a few hours.

Cheers.

usernames and 3 cracked passwrds from c***** file didn’t help authenticate neither ./l***d.py script nor msf w login module. Any help on how to get the correct username?

Update : Rooted! The root was so simple than user. Wasted a day for root complicating things…

Rooted

I NEED TO UNDERSTAND TWO THINGS:

  • Why the exploit didn’t work in metasploit or the other ruby scripts? if someone knows, please tell me.
  • From where the ■■■■ you got the username C**e? Has it been mentioned some whare in the website? if someone knows, please tell me.

The root flag was much more easier than user flag.

Ok so I have 3 password and 3 username which i got from the file they give you
I can connect to samba / rpc but i cant enumerate from this cause few rights
i tried the rb script and evil-winrm on both windows and linux machine
I tried to bruteforce username with the 3 password using the metasploit auxiliary tool
I obviously tried all the combinations between these username/password

Still doesnt work, im really stuck, I already tried all the options.

Stuck on root. Could someone give me a nudge? Like others said I’m missing the l****.***n file and cant see any other interesting processes.

Type your comment> @ibarrick said:

Stuck on root. Could someone give me a nudge? Like others said I’m missing the l****.***n file and cant see any other interesting processes.

Once you get the user, try to visit the web pages from inside. You will find something useful.

Type your comment

cracked all 3 passwords, but still milestone is far

Rooted! Pretty Nice box , congrats @MinatoTW

Ping me if you need help

hey, anybody could help me out? I can’t get opencl to work on my ivybridge soo… can’t really do that one thing I’m supposed to do. I know what I should, but unable. Could anyone give it to me? Thanks

–edit: got it, got in to the s**** but nothing seems to be up there. Please some nudge?

Type your comment> @rowra said:

hey, anybody could help me out? I can’t get opencl to work on my ivybridge soo… can’t really do that one thing I’m supposed to do. I know what I should, but unable. Could anyone give it to me? Thanks

–edit: got it, got in to the s**** but nothing seems to be up there. Please some nudge?

I’ve got 3 sets of creds. I tried metasploits w****_lo***, previously linked evil-w**r* and a python winrm lib too (wrote my own little wrapper for a pass checker brute forcer all combinations). Nothing seems to work. I tried adding some obvious/stock ones like Administrator. Nothing, going nuts about how to utilise these creds, they can’t be for nothing… please nudge

To save some others a massive headache turn off bash history substitutions with this command for the final step:

set +H

.

This is the easiest root privesc I’ve made. But I’ve not followed the usual path as most people to get it… So yeah there are 2 ways (at least) to get root.