Resolute

1356730

Comments

  • edited December 2019

    Rooted

    User: You have one password, try to get it working. Something evil happens when SysAdmins are lazy. Then go to the roots and force your way in

    Root: You will find what you will abuse. After that I´ll say following: The file you will use can be remotely or on the machine. For the second way it doesn't matter where it is but you have to make it by yourself or the AV will nuke it, poison doesn't work.
    If you go by the remote path trust in impacket and his servers before you use a native tool. As bonus you will see with impacket if it really gets contacted and you will know that the file is on his way to the machine

  • Getting seg. fault on nmap. The most frustrating box ever.

  • edited December 2019

    In search for R*** ... any tips?

    edit: got it ;)

  • In which tool I can find a tip for R***?

  • edited December 2019

    Nice to see others are lost here too - i could not find any clue about user r*** - i guess i miss something obvious.

    Update: I was to blind to see what was hidden in front of me.

    Root: Nice way to get root, look at groups, google for it and maybe you need to build something.

    image

  • Got users and a password that doesn't work for anyone. I'm kinda lost, never done any Windows VMs. Could anyone help me?

  • Is the machine getting crashed or there are so many st*** people resetting the machine !!

  • I know what I need to put where, but I really don't want to build it myself unless absolutely necessary... (no windows dev env set up right now...) is there a way to get something "off the shelf" that works?

  • @idomino said:

    I know what I need to put where, but I really don't want to build it myself unless absolutely necessary... (no windows dev env set up right now...) is there a way to get something "off the shelf" that works?

    If you need to, you can compile with mingw. However, I did it using an 'off the shelf' tool

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Type your comment> @clubby789 said:

    @idomino said:

    I know what I need to put where, but I really don't want to build it myself unless absolutely necessary... (no windows dev env set up right now...) is there a way to get something "off the shelf" that works?

    If you need to, you can compile with mingw. However, I did it using an 'off the shelf' tool

    Thanks that's good to know! I'll "shop around" a bit more...

  • This server is driving me nuts... ok i have a set of credentials that have very limited read-only rights and i dont see how to get a shell from that.

    lebutter
    eCPPT | OSCP

  • Ok, i indeed got it by using a tool mentionned before, but i'd like to know if there's another way, i dont like relying on off-the-shelves tools too much without being able to reproduce it with lower level commands...

    lebutter
    eCPPT | OSCP

  • Got user. This was the quickest user flag I have ever found on hackthebox thanks to doing forest a few weeks back.

    For user: enumerate what you can. there are certain interesting services you always want to enumerate when you find a windows server box. once you find what you are looking for, try to think like a lazy admin and you'll figure out whats really going on. as far as the shell, there is a port to login to. if you have done the last few windows boxes like forest and heist, you'll know instantly. make sure you enumerate all ports. in fact, always enumerate all ports.

    hit me up if you need help.
  • hello,
    can anyone one help me out i'm still a newbie and just got the list of users and the useless password
    any help will be appreciated

  • Got User pretty quick, enumeration is key...depending on how you get the output, there could be a lot to sift through. Keep looking.

    Now root I have no idea, I know next to nothing about windows priv esc. Any hints on what to look for? I see an interesting user but not sure how to move to them.

    Hack The Box

  • I'm really not sure how to get initial foothold on this machine. Can someone DM me a hint?

  • @geoluna Try an impacket script to get the user list.

  • Any hints to get second user pass?
  • Can someone lend a hand with root, I have created what is needed and am able to load it but I can't execute it to catch the shell?

    Hack The Box

  • Type your comment> @Nessunoguarda said:

    Any hints to get second user pass?

    Check c:\

  • rooted. Thanks for the great machine @egre55

    For root:

    • The toughest part for me was to find another creds. It's hidden deeply but if you search from the root, it's right in front of you.
    • If you find the second creds, use it, check groups, google it, and follow the path.
    • My stupid pitfall: sc and sc.exe have different meaning in Powershell.
  • Type your comment> @Solarstorm said:

    @geoluna Try an impacket script to get the user list.

    @Solarstorm I already had user names by running an NSE script. Not sure what to do with them.

  • Type your comment> @geoluna said:

    Type your comment> @Solarstorm said:

    @geoluna Try an impacket script to get the user list.

    @Solarstorm I already had user names by running an NSE script. Not sure what to do with them.

    try to login with them :) maybe another username helps :D

  • unable to find credentials for second user.
    anyone up for nudges?

  • I stuck in root way. Get second creed but not get root. I think, C******* groups maybe help me but i dont understand "which way i must search to privilege escalation?" or "which method?"

  • Type your comment> @GHULIYEV said:

    I stuck in root way. Get second creed but not get root. I think, C******* groups maybe help me but i dont understand "which way i must search to privilege escalation?" or "which method?"

    there is an alias for this group. execute whoami with option. then simple google search will lead you to attack :)

  • Type your comment> @gurbanli said:

    Type your comment> @GHULIYEV said:

    I stuck in root way. Get second creed but not get root. I think, C******* groups maybe help me but i dont understand "which way i must search to privilege escalation?" or "which method?"

    there is an alias for this group. execute whoami with option. then simple google search will lead you to attack :)

    Dur terpen ala burdan :D

  • Type your comment> @GHULIYEV said:

    Type your comment> @gurbanli said:

    Type your comment> @GHULIYEV said:

    I stuck in root way. Get second creed but not get root. I think, C******* groups maybe help me but i dont understand "which way i must search to privilege escalation?" or "which method?"

    there is an alias for this group. execute whoami with option. then simple google search will lead you to attack :)

    Dur terpen ala burdan :D

    :p

  • Type your comment> @idomino said:

    Type your comment> @clubby789 said:

    @idomino said:

    I know what I need to put where, but I really don't want to build it myself unless absolutely necessary... (no windows dev env set up right now...) is there a way to get something "off the shelf" that works?

    If you need to, you can compile with mingw. However, I did it using an 'off the shelf' tool

    Thanks that's good to know! I'll "shop around" a bit more...

    meta**** always works !!

  • Spoiler Removed

Sign In to comment.