Heist

Spoiler Removed

Spoiler Removed

Spoiler Removed

Spoiler Removed

Spoiler Removed

@OMYT said:

These credentials are right, but not for this service
How many users and passwords did you find?

I found 3 passwords and 1 username, I know I can use this cred with R**client, but dunno how to proceed there.

Type your comment> @FlatMarsSociet said:

@OMYT said:

These credentials are right, but not for this service
How many users and passwords did you find?

I found 3 passwords and 1 username, I know I can use this cred with R**client, but dunno how to proceed there.

You need to do more enumeration on usernames with l…u…d.py from Impacket

@OMYT said:

You need to do more enumeration on usernames with l…u…d.py from Impacket

didn’t know that tool yet, got a list of accounts now.
Will try them later

Thanks!

Got the user I think. But for some reason I cannot display the contents of Documents with ls command after I got the user flag. Not sure, if it is related to it or not? I remember there was an .exe file there, do we need that for root?

Spoiler Removed

Jesus mods are sleeping on the spoilers in the last day

[rooted]
Just pwned my second win box;learned a ton. I used the n****.e to get the f** dump and analysis it locally with str**** and gr**

Rooted first box. Learned a lot. Thanks @rholas

I’m stuck on root. I’ve tried many different combinations of strings while searching the process… Either too much or too little. It’s probably in front of me and I can’t see it clearly. Help apreciated.

Rooted!! That was a nice box!!

Also finally got my first root on this box. ??

Thank you for all the hints here in the forum! Without them I would have been lost and so I learned a lot.

One question remains for me, that others have also raised before: how do you come to the idea that the F*****x process might give you credentials? Is this a common issue? Is this something to be aware of ITW? Or is this more or less just a special riddle on this box? Without the hints here in the forum, I might still crushing my head how to do privesc.

One thing that might be obvious to most here, but costed me a lot of time: if you need upload and download capabilities, check the docu of your shell at least twice! ?

Type your comment> @n00py said:

One question remains for me, that others have also raised before: how do you come to the idea that the F*****x process might give you credentials?

Read the file that is in the same folder with user.txt. It contains the information that justifies why you are worth examining those processes.

Need some tips… I got 3 passwords and 3 potential usernames but I cannot login anywhere… Tried smb and the high port but nothing… :frowning:

hm… can’t say it was a scenario I would exploit in a penetration test especially the root part

Rooted. Thx @AzAxIaL and @Ch0p1n for nudges on finally stage.
All clues are in this topic. It is necessary to know how to use the tools.

PM me if you stuck.