Resolute

Type your comment> @nav1n said:

@sta1ker said:
Can`t create right DLL to work! Any article to read?

DLL Injection – Penetration Testing Lab

the AV blocks ms*t payloads

edit: got root

Got root. Another great windows box.

Type your comment> @sta1ker said:

Type your comment> @nav1n said:

@sta1ker said:
Can`t create right DLL to work! Any article to read?

DLL Injection – Penetration Testing Lab

the AV blocks ms*t payloads

Try to serve it to the box. Some packet will help you with this

@sta1ker said:
Type your comment> @nav1n said:

@sta1ker said:
Can`t create right DLL to work! Any article to read?

DLL Injection – Penetration Testing Lab

the AV blocks ms*t payloads

Block it, simple.

pheew…got root, didnt upload anything in the end…

I’ve connected with m****** with r***t and with s**ct on some shares, but no dice. This is my first Windows box, can someone give me a hint please?
Thanks

@guihle at the same spot as you. Can’t find anything in the shares. Wondering if I should be trying to get a shell using a different method.

@guihle
@joe297

Do nmap scan on high port manually. There is a service that is like ssh, but for windows.

PM if you need more help

i need a nudge on user please ))

Rooted - main issue is there are two ways to launch i******* s** server one gets reverse shell the other doesn’t - other than that online guide shows how to do exploit - though this is easier with straight forward running of payload - ignore mentions of mimikatz

Spoiler Removed

I think i found the exploit for root.
But for executing this I need to compile some code with VS as far as I see. Since I dont have a Windows machine, is there a way to do this on linux?

Type your comment> @rheaalleen said:

Rooted

User: You have one password, try to get it working. Something evil happens when SysAdmins are lazy. Then go to the roots and force your way in

Root: You will find what you will abuse. After that I´ll say following: The file you will use can be remotely or on the machine. For the second way it doesn’t matter where it is but you have to make it by yourself or the AV will nuke it, poison doesn’t work.
If you go by the remote path trust in impacket and his servers before you use a native tool. As bonus you will see with impacket if it really gets contacted and you will know that the file is on his way to the machine

Comments for Root are very helpful. Initially did not understand what it is. But once I observed thing, got to know what exactly this means. Thanks !

Nice box from bottom to top! Kudos to @egre55

Awesome Box… Loved it

whoami
nt authority\system

Stuck with the r*** → root via *** service. Made a special reverse shell d** for the service, but cannot stop it because of Type 2.
That’s a wrong way or I do not know smth obvious?

The service is not stopping and starting correctly.

Also, at-least on the free server, the box is being very unstable for me.
Is anyone else facing similar issues, or is it just me ?

unlike other windows machines, here I can’t stop am**e interfering with uploads. Any hint?

i got the creds that were just “there”, but they dont seem to work. Are they decoy or someone changed the password?

I don’t know… maybe there are too many operations pending on the service, but remains that using the right architecture, the right injection… something goes wrong :frowning: