Hi I have a password and lots of users. The password doesn't work with the person who it is mentioned with on s**c***** have tried it with other users but no luck
-When you find something useful, you should try it in different places.
My hints for root :
-Research the system, and you will find something useful.
-Research again and you will find about a vulnerability that can be exploited.
-In theory you can craft the payload manually. I wasn't successful with the manual approach. However, you don't need to craft if manually yourself. Just be careful with the architecture though (Thank you to @bertalting).
This was a nice and easy box..... if you know what to look for. But with help from the cummunity i made it. yeah root dance!
Again learned a lot since i am not good at windows boxes.
If you need help with something, PM me how far you've got already, what you've tried etc.
Discord: MadHack#6530
Im completely new to all windows boxes, but I did enumerate and get a bunch of users including one password, the problem is I see all the ports open on nmap but have no idea where to even login or what any of these services are. Any help would be appreciated but until then i'll continue googling
Rooted. Fun box, learned a lot about Windows enumeration with this one, and it wasn't overly hard. Thanks to @tekkenpc and @twypsy for the help on root. PM for hints.
I'm a little stuck and for sure it's just that I'm tired. I got the user flag, performed the enumeration for r**t and see what the problem is, but can't think on how to approach it.
If anyone could help by , PM me. Thanks everyone!
EDIT: got root finally. Like almost everyone said, ENUMERATION is key. Hints from @twypsy, @gurbanli and others are spot on, it might just take time to figure it out.
Finally root. when i used service daemon in my kali box, it didnt work. but when i used im****** tool it worked. still dont know why i will be glad if someone explains me why
Hints :
User : Do classic windows enumeration, then read output line by line
User2: Enumerate disk for hidden files
Root: You see user in one group, but maybe this group also has alias . check with another command. then simple google search will lead you to attack technique.
Did anyone have difficulty reading the content of the file with user 2 creds.
I am getting permission denied error, no matter what I try.
Stuck here for obscene number of hours..
Please , can anyone help ?
Another fantastic windows box. This one and Control have just been great from start to finish. Root is a great trick, which I will look out for more in the real world. You don't need to build anything for it, in fact, you don't even need to upload anything to the machine at all to achieve a system shell. There's a red team blog post that's a bit incoherent but describes the method I used to an extent.
Rooted! Nice box. Everything was pretty straight forward. Tried a lot of ways to get the D** to work based on the information available, but in the end just picked my poison for a one shot command.
Comments
I can confirm that you don't need to build if you don't want to you can get off the shelf
Finally got root. native tool doesn't work.
do i have to build a dll for the root ?
If anyone can give a hint about m* -> r* - PM, please :c
got the list of users, need help with finding the juicy info (creds)
Need help to get login as r***, PM, please. Thanks.
Rooted: Thanks @vsamiamv for providing a nudge on logon as R*** part.
Hi I have a password and lots of users. The password doesn't work with the person who it is mentioned with on s**c***** have tried it with other users but no luck
.
Spoiler Removed
edit: got root
Rooted, fun and easy box...
Need a nudge ? Dm me
My hints for user :
-Read the output carefully.
-When you find something useful, you should try it in different places.
My hints for root :
-Research the system, and you will find something useful.
-Research again and you will find about a vulnerability that can be exploited.
-In theory you can craft the payload manually. I wasn't successful with the manual approach. However, you don't need to craft if manually yourself. Just be careful with the architecture though (Thank you to @bertalting).
Type your comment> @AnonSimba said:
@AnonSimba Im trying to login with smct and user m* . Doesn't work...
This was a nice and easy box..... if you know what to look for. But with help from the cummunity i made it. yeah root dance!
Again learned a lot since i am not good at windows boxes.
If you need help with something, PM me how far you've got already, what you've tried etc.
Discord: MadHack#6530
Thanks for the great box!
Gods make rules. They don't follow them
Still problems with user. I'm logged in as user m***** and now I'm enumerating the share for hours and can't find any useful. Any hint?
Are there other services?
What a nice box, i just managed to get root and it was really interesting
Don't overcomplicate like i did, once you find the vulnerability that you need to exploit stick to that and don't overcomplicate.
Feel free to PM me for any hints
Im completely new to all windows boxes, but I did enumerate and get a bunch of users including one password, the problem is I see all the ports open on nmap but have no idea where to even login or what any of these services are. Any help would be appreciated but until then i'll continue googling
Spoiler Removed
Rooted. Fun box, learned a lot about Windows enumeration with this one, and it wasn't overly hard. Thanks to @tekkenpc and @twypsy for the help on root. PM for hints.
I'm a little stuck and for sure it's just that I'm tired. I got the user flag, performed the enumeration for r**t and see what the problem is, but can't think on how to approach it.
If anyone could help by , PM me. Thanks everyone!
EDIT: got root finally. Like almost everyone said, ENUMERATION is key. Hints from @twypsy, @gurbanli and others are spot on, it might just take time to figure it out.
CISSP | eJPT
Finally root. when i used service daemon in my kali box, it didnt work. but when i used im****** tool it worked. still dont know why
i will be glad if someone explains me why
Hints :
User : Do classic windows enumeration, then read output line by line
User2: Enumerate disk for hidden files
Root: You see user in one group, but maybe this group also has alias . check with another command. then simple google search will lead you to attack technique.
Did anyone have difficulty reading the content of the file with user 2 creds.
I am getting permission denied error, no matter what I try.
Stuck here for obscene number of hours..
Please , can anyone help ?
Finally rooted. Thanks to @Ninjacoder , @twypsy
Thank you to @madhack as well!
Another fantastic windows box. This one and Control have just been great from start to finish. Root is a great trick, which I will look out for more in the real world. You don't need to build anything for it, in fact, you don't even need to upload anything to the machine at all to achieve a system shell. There's a red team blog post that's a bit incoherent but describes the method I used to an extent.
Hi, i'm stuck with m**'s creds. tried evl, sm but nada. Would appreciate a hint
Rooted! Nice box. Everything was pretty straight forward. Tried a lot of ways to get the D** to work based on the information available, but in the end just picked my poison for a one shot command.
OSCP, SSCP
