Heist

Holy cow, I’m an idiot. Just got root. The process route is the “right” way to go and know your tools. Know your tools. Know your tools. Read the manuals. DM me for a nudge

Hey! Need some help, I am unable to download the .dump file, tried some compression but it is always bigger than 100Mb. My download fails after downloading 4Mb with a dup ack (and it takes like 10 min to download that 4Mb). I am using El_W*m to download and upload stuff.

Is there any way to get root without downloading the file? Already tried some PS like Select-String - -Pattern, but I’m not going anywhere…

Thanks in advance

Rooted using PS internals :slight_smile:

@Nt3c said:

Hey! Need some help, I am unable to download the .dump file, tried some compression but it is always bigger than 100Mb. My download fails after downloading 4Mb with a dup ack (and it takes like 10 min to download that 4Mb). I am using El_W*m to download and upload stuff.

Is there any way to get root without downloading the file? Already tried some PS like Select-String - -Pattern, but I’m not going anywhere…

Thanks in advance

I’m in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can’t find any interesting strings.

@MichiS97 said:

@Nt3c said:

Hey! Need some help, I am unable to download the .dump file, tried some compression but it is always bigger than 100Mb. My download fails after downloading 4Mb with a dup ack (and it takes like 10 min to download that 4Mb). I am using El_W*m to download and upload stuff.

Is there any way to get root without downloading the file? Already tried some PS like Select-String - -Pattern, but I’m not going anywhere…

Thanks in advance

I’m in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can’t find any interesting strings.

There is a similar thing that you use in your Kali box (to analyze) for PS. Use that, it works perfectly, no need to download the file.

Finally rooted! It took a couple of days, but was well worth the research. Plenty of hints in this thread to help anyone along! Thanks for the box, @MinatoTW I really enjoyed this one!

Can somebody PM me a hint for the priv esc? Trying to use pd.e**, can’t get any output though. Nvm, try to use more powerful

@nwn00b said:

@MichiS97 said:

@Nt3c said:

Hey! Need some help, I am unable to download the .dump file, tried some compression but it is always bigger than 100Mb. My download fails after downloading 4Mb with a dup ack (and it takes like 10 min to download that 4Mb). I am using El_W*m to download and upload stuff.

Is there any way to get root without downloading the file? Already tried some PS like Select-String - -Pattern, but I’m not going anywhere…

Thanks in advance

I’m in the same position. Can anyone give us a nudge? I tried dumping the animal processes with a popular PS script and a popular application (pr****mp.exe) but I can’t find any interesting strings.

There is a similar thing that you use in your Kali box (to analyze) for PS. Use that, it works perfectly, no need to download the file.

rooted, thanks for the hints

I am already stuck at enumerating those users :frowning:
Impacket doesn’t bring me further with Access Denied

Edit: owned user

Rooted. This was a pretty hard challenge to do if you are not used to enum and to password match. Also the E***-W*** is a piece of… that made it way harder for me.

If you get stuck feel free to PM me

Anyone got a hint for the dump? File is way too big to scroll through <---- git gut scrub, should read more

Command: smbclient -L //10.10.10.149 -U H*****

Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.10.149 failed (Error NT_STATUS_IO_TIMEOUT)
Failed to connect with SMB1 – no workgroup available

Can anybody help me??

@prutz said:

Anyone got a hint for the dump? File is way too big to scroll through <---- git gut scrub, should read more

Be sure you have the right dump and look for grep alternatives

@pagal said:
Command: smbclient -L //10.10.10.149 -U H*****

Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.10.149 failed (Error NT_STATUS_IO_TIMEOUT)
Failed to connect with SMB1 – no workgroup available

Can anybody help me??

Check your parameters…

I have got all of the users and cracked all of the passwords, I can connect via smbclient in linux but not on w**** using PS. I think I should be able to connect in PS with E****-PS******* using user C**** and password Q**************, is this not correct?

Credentials are correct, attempt is good, the tool may not be proper. I tried two different ruby scripts and both of them did their job correctly.

Can someone please PM me with some help on user? I believe I have done everything mentioned in the forum and still no luck:

  • I have cracked all 3 passwords from ***.
  • I have the usernames from that same file, plus another 1 or 2 from the place that brought me to that file
  • None of those credentials work with the common port using the common client and none work with l*******d.**
  • None of those credentials work with the higher port (using the snakey library)

I feel like something is wrong with the common port as I can’t even run e4*x on it.
What am I doing wrong???

Thanks @meangreen for your help on this! Not sure why one method worked over the other… but it did!

Got Root!.. Thank you @bertalting … Check those processes…

Getting root turned out to be easier than getting user - the answer was right in front of me, but I thought it was wrong. Also got to experiment with some ruby scripts, thanks for the machine!