Great machine for those new to exploiting Windows, like myself. I learned a lot from this machine, thanks @MinatoTW! Techinically there is no exploitation involved (making it the perfect machine for practicing you Windows-fu), its a game of "find the creds". All the tips you need are in the first 11-12 pages already. Here are some things to read up on though:
Powershell
Impacket
Process Memory Dumps
Windows Sysinternals
Also FYI if anyone is wondering why the metasploit modules don't work, a quick inspection using wireshark shows msf sends the request in SOAP format, which causes the server to respond with a 500 code.
This is my first Windows box, and I'm having some trouble with even figuring out how to start off... I discovered the three plaintext passwords from the C.txt file, along with the two users H and A*. Not sure what to do with this information...
If you'd like to help, please shoot me a PM! I'd appreciate it
hey this is my first windows box and i have found the /a*********/c*****.txt file on the website but dont really know where to go from here.
any help would be appreciated
I keep getting this when I try to run strings.. Anyone know why
Please be aware that, similar to other debug tools that capture "process state" information, files saved by
Sysinternals tools may include personally identifiable or other sensitive information(such as usernames, passwords,
paths to files accessed, and paths to registry accessed).By using this software, you acknowledge that you are aware of
this and take sole responsibility for any personally identifiable or other sensitive information provided to Microsoft
or any other party through your use of the software.
I've found the 3 creds, cracked passwords
Figured out the user / password combination for the first user
found more users using impacket
msf helped me validate which creds were working or not
I can list shares with two users...
W***m doesn't work though...but I'm not sure how to use it though
I don't know what to do from here, can someone help me ?
Thanks !
I've found the 3 creds, cracked passwords
Figured out the user / password combination for the first user
found more users using impacket
msf helped me validate which creds were working or not
I can list shares with two users...
W***m doesn't work though...but I'm not sure how to use it though
I don't know what to do from here, can someone help me ?
Thanks !
Maybe someone can help here. After getting user, did you change shells to pursue root? I'm currently using ev*******m, and not able to execute commands to pursue that.
I'm stuck on root. I believe I know the tool I need to use (p******p) but I'm not sure how I'm supposed to get it on the machine. Any tips/tricks would be appreciated
I'm stuck on root. I believe I know the tool I need to use (p******p) but I'm not sure how I'm supposed to get it on the machine. Any tips/tricks would be appreciated
I think I'm missing something. I keep trying to download the d*p file, but it's always timing out and the file is gone. I assume this is from the machine getting reset? Either way, I'm not sure if I should be downloading it, or doing something with it locally. I had planned to d/l it and run it through m******z.
Comments
ROOTED! THANKS @noi !
Rooted.
First Windows machine for me, i was a bit confused per moments x)
Thanks for the machine !
Feel free to PM me for hints (user / root)
If i helped you, +1 respect please !
was able to get c*****.txt and user:pwd but cant figure out how to get e*** a******?
Great machine for those new to exploiting Windows, like myself. I learned a lot from this machine, thanks @MinatoTW! Techinically there is no exploitation involved (making it the perfect machine for practicing you Windows-fu), its a game of "find the creds". All the tips you need are in the first 11-12 pages already. Here are some things to read up on though:
Powershell
Impacket
Process Memory Dumps
Windows Sysinternals
Also FYI if anyone is wondering why the metasploit modules don't work, a quick inspection using wireshark shows msf sends the request in SOAP format, which causes the server to respond with a 500 code.
Hey guys,
This is my first Windows box, and I'm having some trouble with even figuring out how to start off... I discovered the three plaintext passwords from the C.txt file, along with the two users H and A*. Not sure what to do with this information...
If you'd like to help, please shoot me a PM! I'd appreciate it
hey this is my first windows box and i have found the /a*********/c*****.txt file on the website but dont really know where to go from here.
any help would be appreciated
root, fun box. was late to party so did the intended way.
al hints are in the first 10 pages.
windows 7 10 is my rig
if it can't be done on windows, i fail.
I keep getting this when I try to run strings.. Anyone know why
Please be aware that, similar to other debug tools that capture "process state" information, files saved by
Sysinternals tools may include personally identifiable or other sensitive information(such as usernames, passwords,
paths to files accessed, and paths to registry accessed).By using this software, you acknowledge that you are aware of
this and take sole responsibility for any personally identifiable or other sensitive information provided to Microsoft
or any other party through your use of the software.
There was an option to disable the eua.
Saw it on the microsoftwebsite
windows 7 10 is my rig
if it can't be done on windows, i fail.
Rhaa, stuck !
I've found the 3 creds, cracked passwords
Figured out the user / password combination for the first user
found more users using impacket
msf helped me validate which creds were working or not
I can list shares with two users...
W***m doesn't work though...but I'm not sure how to use it though
I don't know what to do from here, can someone help me ?
Thanks !
Type your comment> @archaic said:
Do not use Metasploit W***m.
ROOTED !!
Ouf, got User, thanks to bumika
Had just a typo in a username (stupid). Caps matter
Maybe someone can help here. After getting user, did you change shells to pursue root? I'm currently using ev*******m, and not able to execute commands to pursue that.
This was a fun one.. Had a great time..
PS > whoami
supportdesk\administrator
First box rooted on HTB for me, got a lot of help from the forum... Fun ride with a lot of fun and new information !
I lost a lot of time because the hashes file I was feeding hashcat didn't end with a newline. It needs a newline.
Rooted, my first windows box so thats cool
Need help? Contact me on discord: hecker#7348
Tips for root?
How can I view the processes and pid?
I'm stuck on root. I believe I know the tool I need to use (p******p) but I'm not sure how I'm supposed to get it on the machine. Any tips/tricks would be appreciated
i stucked help me for root please
Type your comment> @trollzorftw said:
Type your comment> @BREADCRUMBH45H said:
These two comments helped me for user! Thank you very much!
Type your comment> @Njan said:
Look up ippsec's powershell videos
I think I'm missing something. I keep trying to download the d*p file, but it's always timing out and the file is gone. I assume this is from the machine getting reset? Either way, I'm not sure if I should be downloading it, or doing something with it locally. I had planned to d/l it and run it through m******z.
Rooted, Fun Box Tnx @MinatoTW
PM for nuggets
Fun and practical machine. Root teaches a very good lesson.
Thanks for the help everyone!
Finally, user.txt and pass.txt, good box, follow the recommendations and clues of the forum ... thanks
Just got my first R00T ! Thank you for the box !
There is no machine flag..