Heist

Read the information on the scan you did for open ports again, very detailed. This will give you the answer

Spoiler Removed

Type your comment> @OscarAkaElvis said:

I’ve read here sometimes that people is having problems to connect using Evil-WinRM. Believe me, Evil-WinRM is written in ruby and it works like a charm on this machine. It needs only the right user and password combination. If it is not working is because you are not using the right user and password combination, that’s all. Beware of the symbol $ if you need to pass it as a parameter. Single quotes instead of double quotes is a good idea to avoid bash vars expansion.

What’s the path to the type 5 username? unable to find it!

Not sure what I did wrong for root but… when I grabbed the things, I either had nothing useful, or using the full option I got back far too much information (436 MB) that took a while to parse through.

I originally rooted the box by cracking the hash but are there any clues on the “correct” way to solve this box ?

I need help with this… I’ve got 2 password, couldn’t cracked the third one …

Type your comment> @SaMuTa said:

I need help with this… I’ve got 2 password, couldn’t cracked the third one …

use hash cat to decrypt

Type your comment> @AshenOne said:

Type your comment> @SaMuTa said:

I need help with this… I’ve got 2 password, couldn’t cracked the third one …

use hash cat to decrypt

it’s taking to long to decrypt

Type your comment> @SaMuTa said:

it’s taking to long to decrypt

Maybe you’re using the wrong wordlist. The one I used rocks pretty hard and cracked it immediately.

After taking a step back, finally rooted it the intended way! Great new technique for my Windows Fu! Need to dig deeper on that one, wonder where else it might be applied and its limitations.

Need a nudge PM me.

Thanks @MinatoTW for the killer box !

Type your comment> @D8ll0 said:

Rooted

I NEED TO UNDERSTAND TWO THINGS:

  • From where the ■■■■ you got the username C**e? Has it been mentioned some whare in the website? if someone knows, please tell me.

The root flag was much more easier than user flag.

You got the username C***e by using a tool/script to enumerate “something” on the server.

Type your comment> @Seepckoa said:

The user part is not very complicated, you just have to find a way to match the passwords to a specific user that you have to search for yourself. The root is also easy, the file to**.txt will be a clue for you, to go further. :smiley:

Still can’t see why/how…

quick (and probably stupid) question:

I wasl playing around with the machine and was wondering if there’s any point to have a reverse shell on it from the P****S**l session?

i know user rights are the same but does it make thing easier, like running commands, etc…?

@44616c79 said:
Type your comment> @Dreadless said:

Type your comment> @Chahle said:

Stuck on my way to root. any nudge would be appreciated if any one could pm me.

Same here.

Have a look at the running processes. Something sticks out… maybe it leaves things on disk or maybe you can get something out of it another way.

I’m looking at the processes right now but can’t see which one i should ‘use’…

Type your comment> @naveen1729 said:

Rooted, it’s a nice box, good enumeration practice for Windows.

For root, look at what’s running, which user is running it, then look for data.

PM for hints.

Humm…wonder how to do it because user account doesn’t have enough priv to use the needed parameter with G**P****ss…

Rooted, thank you for the nudges! It’s a simple box, I think the biggest frustration for me was the fact that it’s windows but I learned something, which is the main reason I’m here, so it was great :slight_smile:

Got user, now just stuck on root

nvm

Type your comment> @deadeye1099 said:

Could someone pm me a nudge for user. I’ve got the 3 passwords decrypted and tried to connect with the tools noted in this forum and none of it seems to work for me. I’ve tried all combinations of users and passwords

then find more users

Rooted.

Excellent machine @MinatoTW !

Sweet and straight to the point. Reminder to enumerate properly and not over-complicate things.

PM me for nudges.