Heist

18911131424

Comments

  • @44616c79 said:
    Type your comment> @Dreadless said:

    Type your comment> @Chahle said:

    Stuck on my way to root. any nudge would be appreciated if any one could pm me.

    Same here.

    Have a look at the running processes. Something sticks out... maybe it leaves things on disk or maybe you can get something out of it another way.

    I'm looking at the processes right now but can't see which one i should 'use'....

  • Type your comment> @naveen1729 said:

    Rooted, it's a nice box, good enumeration practice for Windows.

    For root, look at what's running, which user is running it, then look for data.

    PM for hints.

    Humm...wonder how to do it because user account doesn't have enough priv to use the needed parameter with G**P****ss.....

  • Rooted, thank you for the nudges! It's a simple box, I think the biggest frustration for me was the fact that it's windows but I learned something, which is the main reason I'm here, so it was great :)

  • edited August 2019

    Got user, now just stuck on root

  • edited August 2019

    nvm

  • Type your comment> @deadeye1099 said:

    Could someone pm me a nudge for user. I've got the 3 passwords decrypted and tried to connect with the tools noted in this forum and none of it seems to work for me. I've tried all combinations of users and passwords

    then find more users

  • Rooted.

    Excellent machine @MinatoTW !

    Sweet and straight to the point. Reminder to enumerate properly and not over-complicate things.

    PM me for nudges.

    "ClickmedotEXE"
    CISSP | OSCP
    arodtube

  • Rooted! Thanks to @zalpha and @Deguy for the nudges. Happy to help anyone who's stuck out!

    marlasthemage

  • edited September 2019

    Rooted! my machine was not running right lol

  • Someone pls PM me for help. Im on root and struggling with a strange issue.

  • Can someone help me with root. I got a mem dump of a firery process and was wondering if thats a rabbit hole.

  • Rooted:EzClap

  • Rooted, The machine took me long hours to finish due of many Creds found on there beside the machine was not stable always disconnect me,

    Hints For User:

    • Enumeration is the key, it's a good idea to open a notepad and put all the usernames/passwords you collect
    • Some passwords could be used for other users
    • Find other username as people were saying in the forum
    • Remember it's a windows machine and windows tend to use some famous protocol
    • Use the evil-winrm as people said in the forum and please read the manual

    Hints For Root:

    • Try to check the processes running on the machine
    • think what kind of actions could be taking when you see a process
    • Remember the second rule from "Hint For User"

    If you need any nudges please PM me

  • Anyone else missing a file when trying to get root?

  • edited September 2019

    Hi everyone,

    After a while, i've got user on this one, but i'm stuck on root, can you give me a nudge please ?

    I'm logged as C***e , previously as H****d, i have a list of users and some passwords but now i'm stuck :(

    already found the k**.b file but i cant get anything from this ( i think it's a rabbit hole)

    please help :disappointed:

    thank you in advance ! :dizzy:

    Edit: Rooted, thanks to @DarkGh0st187 and @Saranraja for the help !

    I was searching really too far x)

  • Rooted.

    Thank you @albertojoser for the nudge!

  • edited September 2019

    .

  • I tried e-w**** and the ruby script. E-W**** doesn't work per other comments and the ruby script throws a boatload of errors. Can someone help?

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • I have user. I may need a bit of a push on what I am supposed to do for root. I'm looking through services and I think I understand what other comments are saying. Just still not sure exactly what it is I need to do with that info.

  • Could I get someone to sanity check what I am doing? I am not sure whether or not I am suffering from tunnel vision.

  • Type your comment> @DameDrewby said:

    Type your comment> @Dreadless said:

    Stupid question but do i need to be cracking the $1$ I have decrypted the other 2 passwords but can't seem to crack the other!

    Yes

    I am struggling to find a way to crack the $1$ password. Any hint on how to do it?

  • edited September 2019

    Spoiler Removed

  • Type your comment> @C3PJoe said:

    I tried e-w**** and the ruby script. E-W**** doesn't work per other comments and the ruby script throws a boatload of errors. Can someone help?

    Acknowledge that Ruby clients not reliable here, for me never worked (either software I found online, evil-***, w*** etc.).

    Tried bunch manipulations, played with timeouts, transport specifications - service just returns 500 error (not the MSF case, communication is crypted) and that's it..

    In that case I suggest you to drawback to native client (which is intended to use by vendor). That worked for me.

    P.S. im**** loo*****d as well doesn't works for me - throws NetBIOS timeout error... Do not see any place in code to mitigate this, looks like dependency behavior.
    Instead of that suggest you to use another fuzzer (pat****r) - works like a charm for all enumeration phases with this box.

    dee33

  • Thanks @dee33 !

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • Type your comment> @geLecram said:

    FOR USER: As of this date, a certain impacket tool is broken. Had to hunt down the correct script.

    https://github.com/SecureAuthCorp/impacket/blob/master/examples/lookupsid.py

    Always throws "timed out" for me

  • Type your comment> @Saranraja said:

    Some ping me, i need help for root.
    edited : No one ping me heist rooted on my own way.Ping me i am always ready to help you.
    It is really really funny box xD

    Congratulations Bro

  • Type your comment> @OscarAkaElvis said:

    Hi, I saw some people asking for a tool to connect to W***m. Ok I can recommend this tool on which I'm collaborating.

    Easy to install via git clone or via gem install (this is even easier). All needed is in the documenation at readme file: https://github.com/Hackplayers/evil-winrm

    Hope it helps!

    Thank you for your tool ! This is great stuff !

  • Type your comment> @Noxious said:

    Type your comment> @geLecram said:

    FOR USER: As of this date, a certain impacket tool is broken. Had to hunt down the correct script.

    https://github.com/SecureAuthCorp/impacket/blob/master/examples/lookupsid.py

    Always throws "timed out" for me

    You may have to install the entire repository to ensure that all the requirements are available for that tool. Make sure you follow the README install instructions

  • edited September 2019

    Spoiler Removed

  • Finally rooted!

    Thanks for those who helped.

    Hint for root : process is the key!

Sign In to comment.