Heist

Rooted.

Good box, learned so much. Moreover, it is an interesting way to get a box.

Hint for users:

  • There is already what you need on this forum.

Hints for root:

  • Once you have found the process to use to get what you want, maybe ask yourself where the information you seek is stored while this process is running :)
  • Beware of the flags you use if you use the most common tool for that.
    Maybe there is another way to go, but here are my hints.

I hope it helps, glhf !

Hello everyone :) Working on root now. I think I understand which process I should be looking at, but I can’t find file k**4.d under the usual location. Can somebody help me?

nvm, I was blind, found it. Now trying to do something with it

Okay, I am stuck on it :) Is there any way to copy files from the Heist machine to my Kali and vice versa?

Hello, I am currently getting lots of NT_STATUS_DISCONNECTED or TIMEOUT when trying to enum S**ct and r***t. Any help would be appreciated.

EDIT: (Got it, Thanks for the help)

@Raven37 said:

Hello everyone :) Working on root now. I think I understand which process I should be looking at, but I can’t find file k**4.d under the usual location. Can somebody help me?

nvm, I was blind, found it. Now trying to do something with it

Okay, I am stuck on it :) Is there any way to copy files from the Heist machine to my Kali and vice versa?

Were you able to root? I am stuck on the same step, got k**.d* but what next? Reading an article, it mentioned it required log**.j** to decrypt? Am I on the wrong path?

I'm stuck with the username, I tried all in sb and w***r. Little hint in PM, thanks

@MarsG no. I agree, maybe *.db is the wrong path

Spoiler Removed

I can’t decrypt secret hash… plz someone hint me

@azeroth said:

I can’t decrypt secret hash… plz someone hint me

Use hashcat - no rules - rocking list - crack in less than a minute

@Raven37 said:

Hello everyone :) Working on root now. I think I understand which process I should be looking at, but I can’t find file k**4.d under the usual location. Can somebody help me?

nvm, I was blind, found it. Now trying to do something with it

Okay, I am stuck on it :) Is there any way to copy files from the Heist machine to my Kali and vice versa?

I used pscp:

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

  1. Create a cmd session (upload nc to victim, reverse to attacking box)
  2. Upload pscp, and use it like you would scp

Hi Folks,
Stuck on privesc -
I have the db files
I have dumps of the process
What am I looking for? Am I in a rabbit hole?
Thanks

Finally got root.

Hints:
User:
enumerate, enumerate, enumerate
crack what you enumerate
enumerate some more
Look beyond what you think is normal
play with the rubies

Root:
Think a little forensically
Grep and Strings are your friend
Don’t we always harp on credential re-use?

Feel free to DM me for hints.

Thanks to @minatoTW for making the box and @marlasthemage for all your help!

@1337mm look at my comment above.

Wow, I had an unusually hard time getting user. Protip: use hashcat on your native machine.

Rooted.

I hit my head against the wall to understand the creds logic; the last step was so obvious that I overlooked it.

Pretty fun and useful box.

  • Feel free to PM for help

I have the k.d* file, but I’m stumped as to what to do next. I can’t see a way to decrypt it with the info I have. I can’t see any info that stands out from the processes either. Is there a tool or ps cmd like pspy but for Windows? Also there is no l*****.j**n file?

EDIT:

Rooted. Was chasing rabbits.

Hints:

File transfers were a pain, nc.exe worked for me.

Root - I love taking a dump on Windows!

Awesome box, learned a lot, thanks @minatoTW!

I have all the usernames and the 3 passwords, still can’t connect. What am I missing? Should I enum more?

@C3PJoe said:

@1337mm look at my comment above.

Thanks for the comment “Think a little forensically” - rooted

@MinatoTW Thanks for this exercise, taught me a lot about what can be gleaned from the process, also about seeing the trees amongst the forest.

On root - Can someone DM me?

I am unable to find the exact next step. I have a stable shell and I am able to transfer files without any issues. I have looked at every process, like others suggested in this thread, but it looks like I am unable to find the exact one that will allow me to move forward.

Thanks!

Edit: Rooted - Thanks @Raven37