Heist

Got root. If anyone needs a hint on where to go, PM me.
Rooted it, thx for hints

I’m a little stuck on privesc… I’ve dumped the process from i***x then searched the results, but I couldn’t find anything…I think I’m searching with the wrong pattern or didn’t provide the right arguments to get a good dump file. I could use a nudge please.

Guys, thanks for all the help! First ever user :slight_smile:
Really enumerate and that jewel script made my day :slight_smile:
Now going for root!

Spoiler Removed

Rooted, easy machine.

What does the fox say?
“Ring-ding-ding-ding-dingeringeding!
Gering-ding-ding-ding-dingeringeding!
Gering-ding-ding-ding-dingeringeding!”

PM for nudge :cheers: :smiley:

Thanks to all of you, I got it. Learned some new tricks so mission accomplished. Good box. As usual, lost time on unnecessary things but ultimately got there. The hints are all there in these posts and are always fun to decipher. For root, Stumbledore’s link is solid but the keyword may not be exactly as advertised. Try searching for a more complete word than the securityonline link uses. Although that’s the way I went, there are at least 2 other ways without using p***D.exe. I enjoyed the box.

Available for nudges.

Also just curious, can anyone explain why a lot of ps1 doesn’t work? Is it just me or defender or something else?

Been hunting the animal but can’t find something useful on that process. It seems I have to tweak the options?

btw: anyone found that weird xss?

@zfyra said:

Any hint to crack secret 5 pass?

hashcat64 does it in less than a second; you need to know the type as well as ‘rock’ the correct wordlist.

Dam*iiit! Props to @0x71rex and @mike008 for that push.

@govsec said:

Dam*iiit! Props to @0x71rex and @mike008 for that push.

Way to go mate.

Rooted, was a fun box. Pretty quick, just gotta make sure you enum :slight_smile:

Rooted my first ‘Active’ Box! Spent the whole weekend on it… but learned a ton on the way. Props to the creator, and all the help from your comments!

User:

  1. You can easily get a few users and passwords, make sure you crack them all (one of them can be a little tricky, google helped me get there)

  2. Check out impacket and its user enumeration capabilities!

  3. gaining access required investigating my nmap output, and getting access through a service I hadn’t used before, which was cool!
    ** The Metasploit module for actually gaining access through this service did not work for me
    ** I had to search on Github for an alternative. Check out previous comments and you should figure it out.

Administrator:

  1. I had a tough time on this. A lot of the comments talked about an odd process running. I eventually figured it out, but I missed it because this process didn’t seem odd to me.

  2. Dumps + grep/strings got me what I needed.

*I recommend making a user.txt and pass.txt. Fill those in with the creds you find along the way! Throw them into Metasploit Auxiliary modules whenever you find a new user or password, see what you can login to!

Hi buddies,

This is my first box and I’m completely stuck. I get the passwords stored in files but don’t understand how I can perform this box.

Could someone give me some advice?

thx

Holy cow, I’m an idiot. Just got root. The process route is the “right” way to go and know your tools. Know your tools. Know your tools. Read the manuals. DM me for a nudge

Hey! Need some help, I am unable to download the .dump file. Tried some compression but it is always bigger than 100 MB. My download fails after downloading 4 MB with a dup ack (and it takes like 10 min to download that 4 MB). I am using El_W*m to download and upload stuff.

Is there any way to get root without downloading the file? Already tried some PS like Select-String - -Pattern, but I’m not going anywhere…

thanks in advance

Rooted using PS internals :slight_smile:

@Nt3c said:

Hey! Need some help, I am unable to download the .dump file. Tried some compression but it is always bigger than 100 MB. My download fails after downloading 4 MB with a dup ack (and it takes like 10 min to download that 4 MB). I am using El_W*m to download and upload stuff.

Is there any way to get root without downloading the file? Already tried some PS like Select-String - -Pattern, but I’m not going anywhere…

thanks in advance

I’m in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can’t find any interesting strings.

@MichiS97 said:

@Nt3c said:

Hey! Need some help, I am unable to download the .dump file. Tried some compression but it is always bigger than 100 MB. My download fails after downloading 4 MB with a dup ack (and it takes like 10 min to download that 4 MB). I am using El_W*m to download and upload stuff.

Is there any way to get root without downloading the file? Already tried some PS like Select-String - -Pattern, but I’m not going anywhere…

thanks in advance

I’m in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can’t find any interesting strings.

There is a similar thing that you use in your Kali box (to analyze) for pS. Use that, it works perfectly, no need to download the file.