Heist

rooted, thanks to @marlasthemage :slight_smile: good box, learned a lot of new things

Never been more lost at root before, but I must say it was an excellent learning experience for memory forensics → priv esc. Big thanks to @C3PJoe and @v0yager for the help

Hint for root:
Dump the process with the right tool and the right flags to get EVERYTHING you need but you won’t really need everything in the end :smile:

On root as well- need some help. I have the file that is related to the process that you are looking for, and i moved it to my machine, but unsure what to do next since every website is telling me it requires more then one file. Can someone DM me for a bit of a push?

Rooted… huge shoutout to @marlasthemage for all the help that didn’t give much away, but was solid at pointing in the right direction!

Can someone PM me please ?

I’ve got the command, the path, etc…but i can’t simply find the “password” in all the displayed datas. The only thing that could look like a password include some weird character like question mark. It is just in front of me but i can’t figure what the password is…

is the s5 hash = s*t? I’m using the cracked pass with the usernames found in the c.txt in the script mentioned in the forums for username enumeration but no combination of usernames/passwords works for me…

Rooted finally,

Big thanks for @jsarkisian for pointing me to the right direction.

Hack The Box

Rooted.

as a newbie i must admit i struggled a lot with root. I wasn’t used to work with p…p.exe, dump files, etc…

I learnt a lot.

Thand to @jsarkisian, @Akl and few others for the advices and help.

Considering i’m a VIP member, i think i will go back to work with retired machines and writeup. I love this place and how people are helping each other.

Thanks for the box!

I am curious… I noticed that this box (as well as many others) was owned within ~30 minutes of being released. Considering the root own on this box entailed a pretty specific pathway, how on earth does someone enumerate everything and find that path so quickly? Is it really that obvious to the pros? It seems like it would take even seasoned hackers some time (i.e. more than 5-10 minutes) to enumerate, identify and test various possible paths before finding the vulnerability.

can i get a link for l*******d.py? Mine does not seem to work

Stuck for ages using the wrong thing to connect over Win**. It worked, but was unstable and didn’t have some useful functions. E*****RM worked fine.

If you are struggling like me with certain password thingies, remember, some search engines are more equal than others…

Just a sanity check - i got 3 userid’s and 3 pw’s - should i be able to connect to either S** or W***M with those; tested with all combinations and no dice - dir BF seems to be total dead-end so i’m bit out of ideas :neutral:

Type your comment> @UCLogical said:

I spend the last 2 days getting a username for User with no luck. First I changed the LpS**.Py script from Impacket so I could feed it wordlists. I’ve exhausted all the standard wordlists and I even went looking for new ones. Ran that for a day. Figured I might have screwed up altering the script. (One of the passwords has an @ in it to mess with it) and also read people had problems with authenticating. Then I went to msf WM-l*** and used the same lists, but still nothing. Could someone give me a nudge please?

Maybe learn about windows systems and hacking and stop trying to brute force everything?

Rooted. This was my first windows machine attempted so was a serious learning curve. Thanks :smile:

How should i read the output from Proc*p.exe? I am trying to use mkatz on the files with no luck

stuck at root: dumping memory of process i****
not finding anything

Type your comment> @Netadmin said:

stuck at root: dumping memory of process i****
not finding anything

Do you have all the right flags set for your dumping program?

Guys im really stuck i got the c…g file cracked 2 passwords tried logging into e*****rm no luck tried using the script from alionder no luck nothing works i dont know what msf module to use i can feel im so close i just don’t know what im doing wrong please assist if possible.

Got user, thank you @MinatoTW - I enjoyed that :slight_smile: - moving onto root now.
For user, I will say as everyone else mentions; plenty of hints in the threads. (Think outside of the box)