Heist

@OMYT said:

You need to do more enumeration on usernames with l…u…d.py from Impacket

didn’t know that tool yet, got a list of accounts now.
Will try them later

Thanks!

Got the user I think. But for some reason I cannot display the contents of Documents with ls command after I got the user flag. Not sure, if it is related to it or not? I remember there was an .exe file there, do we need that for root?

Spoiler Removed

Jesus mods are sleeping on the spoilers in the last day

[rooted]
Just pwned my second win box;learned a ton. I used the n****.e to get the f** dump and analysis it locally with str**** and gr**

Rooted first box. Learned a lot. Thanks @rholas

I’m stuck on root. I’ve tried many different combinations of strings while searching the process… Either too much or too little. It’s probably in front of me and I can’t see it clearly. Help apreciated.

Rooted!! That was a nice box!!

Also finally got my first root on this box. ??

Thank you for all the hints here in the forum! Without them I would have been lost and so I learned a lot.

One question remains for me, that others have also raised before: how do you come to the idea that the F*****x process might give you credentials? Is this a common issue? Is this something to be aware of ITW? Or is this more or less just a special riddle on this box? Without the hints here in the forum, I might still crushing my head how to do privesc.

One thing that might be obvious to most here, but costed me a lot of time: if you need upload and download capabilities, check the docu of your shell at least twice! ?

Type your comment> @n00py said:

One question remains for me, that others have also raised before: how do you come to the idea that the F*****x process might give you credentials?

Read the file that is in the same folder with user.txt. It contains the information that justifies why you are worth examining those processes.

Need some tips… I got 3 passwords and 3 potential usernames but I cannot login anywhere… Tried smb and the high port but nothing… :frowning:

hm… can’t say it was a scenario I would exploit in a penetration test especially the root part

Rooted. Thx @AzAxIaL and @Ch0p1n for nudges on finally stage.
All clues are in this topic. It is necessary to know how to use the tools.

PM me if you stuck.

please your kind help with heist I already have two users and three password

Edit: Got both! The issue was with my $1 password: It was cracked without any issues, the problem was, I did not see the cracked password had a 1, so I kept trying with an l (notepad++ on windows)

I have 2 users and 3 passwords.

I tried ruby ​​script and was unsuccessful.

tips?

Hi, can someone help me on this? I have 2 users and 3 passwords too. How should I proceed?

rooted my first box! THX to all hints in this Forum.

not use single tools, more

Confirm the result with other tools that gave me a clue.