Heist

Rooted - wasn’t that easy for me!

Not sure if anyone else experienced this, but one of the passwords can cause issues in shell so you need to feed it into scripts in non-standard way or use them manually.

For root, read the documents carefully and choose correct flag.

Finally rooted - Feel free to hit me up for help :slight_smile:

Not sure why people are referring to the “correct flag” ?
Can anyone explain this?

finally. I really love the format/way that this box work with the reality. I have been learning a lot of this one. Thanks @MinatoTW

Someone pleas help me with root? Found that is related to the fox, but i never did something related.

I found 2 ways, file and proc, but i dont know how to use the p***p properly

anyone need to guide ping me ??

Type your comment

User and rooted, if anyone needs help give me a nudge. ?

Hello guys,

Got user already.

Trying to enum using the evil-winrm shell, but it’s really slow. What’s an alternative?

Edited: rooted. @waelaase tips are really good.

at last get the user after 1 day, here is how i did it

  • crack all hashes
  • find a user and password to work on the low port
  • enumerate more to get new users (nothing worked for me except “l*******d.py”, i need to figure out why)
  • check the high port login using metasploit script (W****_****n)
  • use E***_****m to get first shell

at last got root (thanks for all the hints in the forum), here is how i did it

  • find the process
  • dump it
  • check the dump
  • login again

thank you

Thanks for the great box. @MinatoTW

User was pretty straightforward. Took me a while to get root :slight_smile: Thanks everybody for your help.

Can someone give a hint for the third user? Should i crack something a little more?

This box is actually practical. Believe it or not, I’ve actually had to go through a very similar process the way in which you get Administrator on this box during live testing.

hmmm, the question is, what do we search for in the .dmp

Time for Google, and some trial and error

i need a nudge please xD

Rooted, a really good box for developing some skills with windows.

Hints for User :
Enumerate everything and use more than one method for getting user creds. rocking with your feline friend can be very useful here.

Hints for root :
Enumerate running processes in combination with the info gathered during user. badwolf comment was useful. Remember its a windows box so you may find it easier using windows native tools within the machine along with creds rather than attempting to use these remotely.

Nugget.

Spoiler Removed

Type your comment> @MrVulneR said:

I’m Stuck , Why i can’t enumerate users using lookupsid.py script i only get the domain SID is there’s something missing or perhaps there’s another approach ?

You’re on the right track… try looking up CME

Heck yeaaaaaahhhh. Rooted. Super fun, tons of things to learn.

I need you help i’m stuck into root scalation, some hints??