Thanks to all of you, I got it. Learned some new tricks so mission accomplished. Good box. As usual, lost time on unnecessary things but ultimately got there. The hints are all there in these posts and are always fun to decipher. For root, Stumbledore’s link is solid but the keyword may not be exactly as advertised. Try searching for a more complete word than the securityonline link uses. Although that’s the way I went, there are at least 2 other ways without using p***D.exe. I enjoyed the box.
Rooted my first ‘Active’ Box! Spent the whole weekend on it… but learned a ton on the way. Props to the creator, and all the help from your comments!
User:
You can easily get a few users and passwords, make sure you crack them all (one of them can be a little tricky, google helped me get there)
checkout impacket and its user enumeration capabilites!
gaining access required investigating my nmap output, and getting access through a service I hadn’t used before, which was cool!
** The Metasploit module for actually gaining access through this service did not work for me
** I had to search on Github for an alternative. Check out previous comments and you should figure it out.
Administrator:
I had a tough time on this. A lot of the comments talked about an odd process running. I eventually figured it out, but I missed it because this process didn’t seem odd to me.
Dumps + grep/strings got me what I needed.
*I recommend making a user.txt and pass.txt. Fill those in with the creds you find along the way! Throw them into Metasploit Auxiliary modules whenever you find a new user or password, see what you can login to!
Holy cow, I’m an idiot. Just got root. The process route is the “right” way to go and know your tools. Know your tools. Know your tools. Read the manuals. DM me for a nudge
hey! Need some help, iam unable to download the .dump file , tried some compression but it is always bigger than 100Mb. iMy dowload fails after downloading 4Mb with a dup ack .(and it takes like 10 min to dowload that 4Mb) iam using El_W*m to dowload and upload stuff.
is there any way to get root without downloading the file? already tried some ps like Select-String - -Pattern, but i’m not going anywhere…
hey! Need some help, iam unable to download the .dump file , tried some compression but it is always bigger than 100Mb. iMy dowload fails after downloading 4Mb with a dup ack .(and it takes like 10 min to dowload that 4Mb) iam using El_W*m to dowload and upload stuff.
is there any way to get root without downloading the file? already tried some ps like Select-String - -Pattern, but i’m not going anywhere…
thanks in advance
I’m in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can’t find any interesting strings.
hey! Need some help, iam unable to download the .dump file , tried some compression but it is always bigger than 100Mb. iMy dowload fails after downloading 4Mb with a dup ack .(and it takes like 10 min to dowload that 4Mb) iam using El_W*m to dowload and upload stuff.
is there any way to get root without downloading the file? already tried some ps like Select-String - -Pattern, but i’m not going anywhere…
thanks in advance
I’m in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can’t find any interesting strings.
There is a similar thing that you use in your kali box (to analyze)for pS. Use that it works perfectly, no need to download the file.
Finally rooted! It took a couple of days, but was well worth the research. Plenty of hints in this thread to help anyone along! Thanks for the box, @MinatoTW I really enjoyed this one!
hey! Need some help, iam unable to download the .dump file , tried some compression but it is always bigger than 100Mb. iMy dowload fails after downloading 4Mb with a dup ack .(and it takes like 10 min to dowload that 4Mb) iam using El_W*m to dowload and upload stuff.
is there any way to get root without downloading the file? already tried some ps like Select-String - -Pattern, but i’m not going anywhere…
thanks in advance
I’m in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can’t find any interesting strings.
There is a similar thing that you use in your kali box (to analyze)for pS. Use that it works perfectly, no need to download the file.
Rooted. This was a pretty hard challange to do if you are not used to enum and to password match. Also the E***-W*** is a pice of… that made it way harder for me.