Resolute

Can someone lend a hand with root, I have created what is needed and am able to load it but I can’t execute it to catch the shell?

Type your comment> @Nessunoguarda said:

Any hints to get second user pass?

Check c:\

rooted. Thanks for the great machine @egre55

For root:

  • The toughest part for me was to find another creds. It’s hidden deeply but if you search from the root, it’s right in front of you.
  • If you find the second creds, use it, check groups, google it, and follow the path.
  • My stupid pitfall: sc and sc.exe have different meaning in Powershell.

Type your comment> @Solarstorm said:

@geoluna Try an impacket script to get the user list.

@Solarstorm I already had user names by running an NSE script. Not sure what to do with them.

Type your comment> @geoluna said:

Type your comment> @Solarstorm said:

@geoluna Try an impacket script to get the user list.

@Solarstorm I already had user names by running an NSE script. Not sure what to do with them.

try to login with them :slight_smile: maybe another username helps :smiley:

unable to find credentials for second user.
anyone up for nudges?

I stuck in root way. Get second creed but not get root. I think, C******* groups maybe help me but i dont understand “which way i must search to privilege escalation?” or “which method?”

Type your comment> @GHULIYEV said:

I stuck in root way. Get second creed but not get root. I think, C******* groups maybe help me but i dont understand “which way i must search to privilege escalation?” or “which method?”

there is an alias for this group. execute whoami with option. then simple google search will lead you to attack :slight_smile:

Type your comment> @gurbanli said:

Type your comment> @GHULIYEV said:

I stuck in root way. Get second creed but not get root. I think, C******* groups maybe help me but i dont understand “which way i must search to privilege escalation?” or “which method?”

there is an alias for this group. execute whoami with option. then simple google search will lead you to attack :slight_smile:

Dur terpen ala burdan :smiley:

Type your comment> @GHULIYEV said:

Type your comment> @gurbanli said:

Type your comment> @GHULIYEV said:

I stuck in root way. Get second creed but not get root. I think, C******* groups maybe help me but i dont understand “which way i must search to privilege escalation?” or “which method?”

there is an alias for this group. execute whoami with option. then simple google search will lead you to attack :slight_smile:

Dur terpen ala burdan :smiley:

:stuck_out_tongue:

Type your comment> @idomino said:

Type your comment> @clubby789 said:

@idomino said:

I know what I need to put where, but I really don’t want to build it myself unless absolutely necessary… (no windows dev env set up right now…) is there a way to get something “off the shelf” that works?

If you need to, you can compile with mingw. However, I did it using an ‘off the shelf’ tool

Thanks that’s good to know! I’ll “shop around” a bit more…

meta**** always works !!

Spoiler Removed

I can confirm that you don’t need to build if you don’t want to you can get off the shelf

C:\>hostname & whoami
hostname & whoami
Resolute
nt authority\system

Finally got root. native tool doesn’t work.

Edit: question answered

do i have to build a dll for the root ?

If anyone can give a hint about m* → r* - PM, please :c

got the list of users, need help with finding the juicy info (creds)

Need help to get login as r***, PM, please. Thanks.

Rooted: Thanks @vsamiamv for providing a nudge on logon as R*** part.

Hi I have a password and lots of users. The password doesn’t work with the person who it is mentioned with on sc*** have tried it with other users but no luck