idk am i on the right track for root or not. used pro****p to dump the 5 f*****x memory process using -mm. then use strings to convert the dump to string file and check each file for credentials.
And anyone know what's the username login format for the l***n.php. i've tried @supportdesk @supportdesk.local @htb.local
by changing the type to text
with the password i used to login for my e**l. but keep on prompting me credential error.
idk am i on the right track for root or not. used pro****p to dump the 5 f*****x memory process using -mm. then use strings to convert the dump to string file and check each file for credentials.
And anyone know what's the username login format for the l***n.php. i've tried @supportdesk @supportdesk.local @htb.local
by changing the type to text
with the password i used to login for my e**l. but keep on prompting me credential error.
You get the login email and password handed to you if you read through carefully. You did the right thing with the f*****x, just look through it now. Also why do you even care if you can login to the webpage, you have the admin password, just login and grab your flag
idk am i on the right track for root or not. used pro****p to dump the 5 f*****x memory process using -mm. then use strings to convert the dump to string file and check each file for credentials.
And anyone know what's the username login format for the l***n.php. i've tried @supportdesk @supportdesk.local @htb.local
by changing the type to text
with the password i used to login for my e**l. but keep on prompting me credential error.
You get the login email and password handed to you if you read through carefully. You did the right thing with the f*****x, just look through it now. Also why do you even care if you can login to the webpage, you have the admin password, just SSH in and grab your flag
i've gone through all the 5 dump file, still cant get the credential. that's weird wandering which part i did wrongly
idk am i on the right track for root or not. used pro****p to dump the 5 f*****x memory process using -mm. then use strings to convert the dump to string file and check each file for credentials.
And anyone know what's the username login format for the l***n.php. i've tried @supportdesk @supportdesk.local @htb.local
by changing the type to text
with the password i used to login for my e**l. but keep on prompting me credential error.
You get the login email and password handed to you if you read through carefully. You did the right thing with the f*****x, just look through it now. Also why do you even care if you can login to the webpage, you have the admin password, just SSH in and grab your flag
i've gone through all the 5 dump file, still cant get the credential. that's weird wandering which part i did wrongly
idk am i on the right track for root or not. used pro****p to dump the 5 f*****x memory process using -mm. then use strings to convert the dump to string file and check each file for credentials.
And anyone know what's the username login format for the l***n.php. i've tried @supportdesk @supportdesk.local @htb.local
by changing the type to text
with the password i used to login for my e**l. but keep on prompting me credential error.
You get the login email and password handed to you if you read through carefully. You did the right thing with the f*****x, just look through it now. Also why do you even care if you can login to the webpage, you have the admin password, just SSH in and grab your flag
i've gone through all the 5 dump file, still cant get the credential. that's weird wandering which part i did wrongly
Use -ma instead -mm. Later one is not sufficient.
but -ma the file size was >400mb it's little bit hard to download it to my local machine. Sometimes the packet might drop too during the transmission
idk am i on the right track for root or not. used pro****p to dump the 5 f*****x memory process using -mm. then use strings to convert the dump to string file and check each file for credentials.
And anyone know what's the username login format for the l***n.php. i've tried @supportdesk @supportdesk.local @htb.local
by changing the type to text
with the password i used to login for my e**l. but keep on prompting me credential error.
You get the login email and password handed to you if you read through carefully. You did the right thing with the f*****x, just look through it now. Also why do you even care if you can login to the webpage, you have the admin password, just SSH in and grab your flag
i've gone through all the 5 dump file, still cant get the credential. that's weird wandering which part i did wrongly
Use -ma instead -mm. Later one is not sufficient.
but -ma the file size was >400mb it's little bit hard to download it to my local machine. Sometimes the packet might drop too during the transmission
no need for a parameter at all. just do the dump withput any parameters. filesizes about 3-4MB
I'm on the root, trying to use the PD.**e with E***W**** for all the next steps discussing in here, using the -s -e correctly, also edited the .config file for the path but either way i'm getting an error with "check file names", any idea what's the problem? I'm trying maybe the wrong way? Feel free to pm me.
I have got user shell and dumped the animal process. But I don't know what to search from dump file to root.
Could you help me what to search for root?
New to hacking(a few days of experience). Could someone tell me how to know when you have user flag? I managed to get access to one user C***e with the hints provided here, but should I do more to get the points or? Thanks!
Just got root, oh men what a challenge !! Definitely teached me a couple of tricks to use in powershell. Took me a while as i was searching for the wrong user in the **.dp
Ping me for any hints that i might be able to provide
Got the user I think. But for some reason I cannot display the contents of Documents with ls command after I got the user flag. Not sure, if it is related to it or not? I remember there was an .exe file there, do we need that for root?
Comments
Is there an issue with this machine right now. I'm connected to VPN and tried to reset it but can't access the webpages for it or ping it.
If anyone can pm me, i want to ask a question about root. tnx
Rooted, if need help you can send me pm.
Root! Thanks to @MinatoTW for the great box.
PM me if you need help.
Type your comment> @noobsaibot81 said:
Hi you just don't use the right option and parameters on them for cracking the password.
Try to look on the manual
a tips for john :
john --list=something
use more parameters and read some more answer on this topic you will get it sure.
a tips for hashcat :
Enumerate the hash and try hashcat --help | grep something
I just enumerate the 3 users after 1 day
Cracking takes me about 10 minutes on a VM with kali
idk am i on the right track for root or not. used pro****p to dump the 5 f*****x memory process using -mm. then use strings to convert the dump to string file and check each file for credentials.
And anyone know what's the username login format for the l***n.php. i've tried @supportdesk
@supportdesk.local
@htb.local
by changing the type to text
with the password i used to login for my e**l. but keep on prompting me credential error.
Type your comment> @nobodyatall said:
You get the login email and password handed to you if you read through carefully. You did the right thing with the f*****x, just look through it now. Also why do you even care if you can login to the webpage, you have the admin password, just login and grab your flag
Type your comment> @dog9w23 said:
i've gone through all the 5 dump file, still cant get the credential. that's weird wandering which part i did wrongly
Type your comment> @nobodyatall said:
Use -ma instead -mm. Later one is not sufficient.
Type your comment> @bumika said:
but -ma the file size was >400mb it's little bit hard to download it to my local machine. Sometimes the packet might drop too during the transmission
No need for downloading dump files. Use Powershell command to search in a file. Read this forum thread again, and you will find the command.
Type your comment> @nobodyatall said:
no need for a parameter at all. just do the dump withput any parameters. filesizes about 3-4MB
Best regards Luemmel
OSCP

thanks for your hints guys rooted Heist.
I'm on the root, trying to use the PD.**e with E***W**** for all the next steps discussing in here, using the -s -e correctly, also edited the .config file for the path but either way i'm getting an error with "check file names", any idea what's the problem? I'm trying maybe the wrong way? Feel free to pm me.
Finally Rooted Thanks for all of your help if anyone want hint just pm me
I have got user shell and dumped the animal process. But I don't know what to search from dump file to root.
Could you help me what to search for root?
Hello everyone here!
New to hacking(a few days of experience). Could someone tell me how to know when you have user flag? I managed to get access to one user C***e with the hints provided here, but should I do more to get the points or? Thanks!
Just got root, oh men what a challenge !! Definitely teached me a couple of tricks to use in powershell. Took me a while as i was searching for the wrong user in the **.dp
Ping me for any hints that i might be able to provide
my first rooted machine here! Thaks, guys!
All useful information was already posted here, but if you need help feel free to PM me
Spoiler Removed
Spoiler Removed
Spoiler Removed
Spoiler Removed
Spoiler Removed
@OMYT said:
I found 3 passwords and 1 username, I know I can use this cred with R**client, but dunno how to proceed there.
Type your comment> @FlatMarsSociet said:
You need to do more enumeration on usernames with l...u...d.py from Impacket
@OMYT said:
didn't know that tool yet, got a list of accounts now.
Will try them later
Thanks!
Got the user I think. But for some reason I cannot display the contents of Documents with ls command after I got the user flag. Not sure, if it is related to it or not? I remember there was an .exe file there, do we need that for root?
Spoiler Removed