Heist

This was a fun one… Had a great time…

PS > whoami
supportdesk\administrator

First box rooted on HTB for me, got a lot of help from the forum… Fun ride with a lot of fun and new information !

I lost a lot of time because the hashes file I was feeding hashcat didn’t end with a newline. It needs a newline.

Rooted, my first windows box so thats cool

Tips for root?

How can I view the processes and pid?

I’m stuck on root. I believe I know the tool I need to use (p******p) but I’m not sure how I’m supposed to get it on the machine. Any tips/tricks would be appreciated

i stucked help me for root please

Type your comment> @trollzorftw said:

there is a pretty sweet perl script that enums users from the service you all want to access so much

Type your comment> @BREADCRUMBH45H said:

Type your comment> @OscarAkaElvis said:

Hi, I saw some people asking for a tool to connect to W***m. Ok I can recommend this tool on which I’m collaborating.

Easy to install via git clone or via gem install (this is even easier). All needed is in the documenation at readme file: GitHub - Hackplayers/evil-winrm: The ultimate WinRM shell for hacking/pentesting

Hope it helps!

This was my first choice, but didn’t know what to enter for -s and -e, so I finally opted for a different winrm tool:

https://alionder.net/winrm-shell/

Works smooth like silk.

@OscarAkaElvis what am I missing with evil-winrm?

These two comments helped me for user! Thank you very much!

Type your comment> @Njan said:

I’m stuck on root. I believe I know the tool I need to use (p******p) but I’m not sure how I’m supposed to get it on the machine. Any tips/tricks would be appreciated

Look up ippsec’s powershell videos

Rooted, if anyone need some hint contact me without problems

I think I’m missing something. I keep trying to download the dp file, but it’s always timing out and the file is gone. I assume this is from the machine getting reset? Either way, I’m not sure if I should be downloading it, or doing something with it locally. I had planned to d/l it and run it through m*****z.

Rooted, Fun Box Tnx @MinatoTW

PM for nuggets

Fun and practical machine. Root teaches a very good lesson.

Thanks for the help everyone!

Finally, user.txt and pass.txt, good box, follow the recommendations and clues of the forum … thanks

Just got my first R00T ! Thank you for the box !

There is no machine flag…

I have 3 users and 3 passwords. I can connect to S** with a user and pass. But nothing in it… Can someone PM me with some tips. Pulling my hair out here .

I got 9 users now :wink:
used the l********.py

thanks @aho for the help

Working on root. Can someone DM me. Getting stuck

Rooted !

That was a fun one box (It was my first one, and I most on linux way, so it’s possible to do it).
I take about 6 days to resolve it with a lot of errors because I was doing wrong.

Tips :

I’m new in CTF and really you have all the information for the way to have the Users and the Root here.

If you can’t do it please read again the 10st pages and one time all the pages to find the way.

I find many tips on the forum but after trying it returns me a lot of errors so I try differents tool, but when i rooted the machine I knew that a lot of my errors was because of me (Bad Syntax, command or options.

So if you want to congrats this challenge read the forum and RTFM will helps you a lot.

PS : It’s funny to know that when you know everithing it takes 30 minutes for getting root :smiley:

Have a good luck for the others.