Resolute

Got users and a password that doesn’t work for anyone. I’m kinda lost, never done any Windows VMs. Could anyone help me?

Is the machine getting crashed or there are so many st*** people resetting the machine !!

I know what I need to put where, but I really don’t want to build it myself unless absolutely necessary… (no windows dev env set up right now…) is there a way to get something “off the shelf” that works?

@idomino said:

I know what I need to put where, but I really don’t want to build it myself unless absolutely necessary… (no windows dev env set up right now…) is there a way to get something “off the shelf” that works?

If you need to, you can compile with mingw. However, I did it using an ‘off the shelf’ tool

Type your comment> @clubby789 said:

@idomino said:

I know what I need to put where, but I really don’t want to build it myself unless absolutely necessary… (no windows dev env set up right now…) is there a way to get something “off the shelf” that works?

If you need to, you can compile with mingw. However, I did it using an ‘off the shelf’ tool

Thanks that’s good to know! I’ll “shop around” a bit more…

This server is driving me nuts… ok i have a set of credentials that have very limited read-only rights and i dont see how to get a shell from that.

Ok, i indeed got it by using a tool mentionned before, but i’d like to know if there’s another way, i dont like relying on off-the-shelves tools too much without being able to reproduce it with lower level commands…

Got user. This was the quickest user flag I have ever found on hackthebox thanks to doing forest a few weeks back.

For user: enumerate what you can. there are certain interesting services you always want to enumerate when you find a windows server box. once you find what you are looking for, try to think like a lazy admin and you’ll figure out whats really going on. as far as the shell, there is a port to login to. if you have done the last few windows boxes like forest and heist, you’ll know instantly. make sure you enumerate all ports. in fact, always enumerate all ports.

hit me up if you need help.

hello,
can anyone one help me out i’m still a newbie and just got the list of users and the useless password
any help will be appreciated

Got User pretty quick, enumeration is key…depending on how you get the output, there could be a lot to sift through. Keep looking.

Now root I have no idea, I know next to nothing about windows priv esc. Any hints on what to look for? I see an interesting user but not sure how to move to them.

I’m really not sure how to get initial foothold on this machine. Can someone DM me a hint?

@geoluna Try an impacket script to get the user list.

Any hints to get second user pass?

Can someone lend a hand with root, I have created what is needed and am able to load it but I can’t execute it to catch the shell?

Type your comment> @Nessunoguarda said:

Any hints to get second user pass?

Check c:\

rooted. Thanks for the great machine @egre55

For root:

  • The toughest part for me was to find another creds. It’s hidden deeply but if you search from the root, it’s right in front of you.
  • If you find the second creds, use it, check groups, google it, and follow the path.
  • My stupid pitfall: sc and sc.exe have different meaning in Powershell.

Type your comment> @Solarstorm said:

@geoluna Try an impacket script to get the user list.

@Solarstorm I already had user names by running an NSE script. Not sure what to do with them.

Type your comment> @geoluna said:

Type your comment> @Solarstorm said:

@geoluna Try an impacket script to get the user list.

@Solarstorm I already had user names by running an NSE script. Not sure what to do with them.

try to login with them :slight_smile: maybe another username helps :smiley:

unable to find credentials for second user.
anyone up for nudges?

I stuck in root way. Get second creed but not get root. I think, C******* groups maybe help me but i dont understand “which way i must search to privilege escalation?” or “which method?”