Resolute

Type your comment> @rholas said:

search second user(r***) creds

@rholas said:
search second user(r***) creds

When you realize what are you actually looking for it becomes actually quite simple.
Now its root time -:slight_smile:

most blogs do not have the code, the ones that have the screenshot of the code does not mention how they set up the project.

Rooted

User: You have one password, try to get it working. Something evil happens when SysAdmins are lazy. Then go to the roots and force your way in

Root: You will find what you will abuse. After that I´ll say following: The file you will use can be remotely or on the machine. For the second way it doesn’t matter where it is but you have to make it by yourself or the AV will nuke it, poison doesn’t work.
If you go by the remote path trust in impacket and his servers before you use a native tool. As bonus you will see with impacket if it really gets contacted and you will know that the file is on his way to the machine

Getting seg. fault on nmap. The most frustrating box ever.

In search for R*** … any tips?

edit: got it :wink:

In which tool I can find a tip for R***?

Nice to see others are lost here too - i could not find any clue about user r*** - i guess i miss something obvious.

Update: I was to blind to see what was hidden in front of me.

Root: Nice way to get root, look at groups, google for it and maybe you need to build something.

Got users and a password that doesn’t work for anyone. I’m kinda lost, never done any Windows VMs. Could anyone help me?

Is the machine getting crashed or there are so many st*** people resetting the machine !!

I know what I need to put where, but I really don’t want to build it myself unless absolutely necessary… (no windows dev env set up right now…) is there a way to get something “off the shelf” that works?

@idomino said:

I know what I need to put where, but I really don’t want to build it myself unless absolutely necessary… (no windows dev env set up right now…) is there a way to get something “off the shelf” that works?

If you need to, you can compile with mingw. However, I did it using an ‘off the shelf’ tool

Type your comment> @clubby789 said:

@idomino said:

I know what I need to put where, but I really don’t want to build it myself unless absolutely necessary… (no windows dev env set up right now…) is there a way to get something “off the shelf” that works?

If you need to, you can compile with mingw. However, I did it using an ‘off the shelf’ tool

Thanks that’s good to know! I’ll “shop around” a bit more…

This server is driving me nuts… ok i have a set of credentials that have very limited read-only rights and i dont see how to get a shell from that.

Ok, i indeed got it by using a tool mentionned before, but i’d like to know if there’s another way, i dont like relying on off-the-shelves tools too much without being able to reproduce it with lower level commands…

Got user. This was the quickest user flag I have ever found on hackthebox thanks to doing forest a few weeks back.

For user: enumerate what you can. there are certain interesting services you always want to enumerate when you find a windows server box. once you find what you are looking for, try to think like a lazy admin and you’ll figure out whats really going on. as far as the shell, there is a port to login to. if you have done the last few windows boxes like forest and heist, you’ll know instantly. make sure you enumerate all ports. in fact, always enumerate all ports.

hit me up if you need help.

hello,
can anyone one help me out i’m still a newbie and just got the list of users and the useless password
any help will be appreciated

Got User pretty quick, enumeration is key…depending on how you get the output, there could be a lot to sift through. Keep looking.

Now root I have no idea, I know next to nothing about windows priv esc. Any hints on what to look for? I see an interesting user but not sure how to move to them.

I’m really not sure how to get initial foothold on this machine. Can someone DM me a hint?

@geoluna Try an impacket script to get the user list.

Any hints to get second user pass?