Resolute

i have already made a d** injection using the user2 and i am trouble on restarting the d*s server. Can you give me a nudge?

I’ve try to hydra r*** hydra say me 1 password but not show me lol

Finally rooted :slight_smile: I really liked this box and found it a good real world challenge.

My tips.

USER 1:

  1. Scan every inch of the box
  2. Enumerate, enumerate then enumerate some more, don’t over complicate it by spending too much time thinking there is going to be some smart trick. This is real world stuff, yes admins do leave that stuff there.
  3. Just because the right info is in front of you, does it necessarily relate to that person? (What is the easiest way to check this?) use the tools available to you, no custom stuff needed.
  4. Actually read the output, and try to understand what’s happening. I find it helpful to draw a mind map on a piece of paper

USER 2:

  1. Look at your permissions
  2. know your PowerShell cmds (what does Windows do with files it doesn’t want you to touch)
  3. keep looking, don’t give up. Never give up, like, never…

ROOT:
I opted for the easy way here, there is a more difficult way as discussed in previous posts. It’s up to you.

  1. The harder way: Use your google fu to find the answer using the information you have gained from the system already.

  2. The easy way: You have everything you need on Kali already, no need to do anything special, think about what services and information you have enumerated already, then use it to gain SYSTEM, simples!

Kudos to @egre55

I have performed a d** injection and restarted the ds service, but I can’t seem to get a m********r session… Anyone able to help me out? Thanks!

i really need an hint to m**** account to r**** … can someone PM me?

Rooted the box using groups method. But people say there is another way available to get a root, can anybody share it with me?

Can’t seem to find the 2nd user creds. If anyone can give me a nudge in the right direction, would be great!

Edit: OF course I find it right after posting this…

Type your comment> @Xerock said:

Can’t seem to find the 2nd user creds. If anyone can give me a nudge in the right direction, would be great!

Edit: OF course I find it right after posting this…

Sometimes the solution is in the “root” of the problem :wink:

I loved this box thanks to the author I learned a lot I am already root

Nevermind.

Finally rooted this box, learned a lot from this one.
look at what group of friends the user hangs out with and what they can do.
Google is your best friend after that.

Type your comment> @kkaz said:

Hints:
Users

User1: Quite easy just do basic enumeration
User2: Again enumerate the hidden jewls from root directory
Root

Method1: I used DNSA**** way with D** injection this method is quite tricky and interesting
Method2: Once you get user2 creds give it to ms*t smb module and this is it. This method is piece of cake, learned from @grav3m1ndbyte thanks mate.

@kkaz I just tried method 2. Wow,just wow. How easy was that?? Thanks for the tip.

user1 & 2 owned. just need to figure out the root.

EDIT: root was easier than finding user2 creds, imo

Just trying to root the machine but need some help with it… Can anyone PM me what is the right M*ST module, please?

Edit: Solved! Thnks to @ZloyObezyan for the help!

Type your comment> @kkaz said:

root is giving me real pain. When i run d***md command it does not contact my smbserver do not know why but stuck here. help will be appreciated.

Edit: Never mind got root i was doing a critical mistake, thanks goes to @g3of0xx @inertia @rholas

same here, I can connect to the share with dir command but not with the command we need… wtf is my critical mistake?

May I ask how all of you got the passwords for the users so quickly?

Anyone can help me understand why my dns*** command from ev**** shell doesn’t connect at all to my imp*** smb** ? It’s driving me crazy

nvm: I’m an IDIOT

Type your comment> @halfluke said:

Anyone can help me understand why my dns*** command from ev**** shell doesn’t connect at all to my imp*** smb** ? It’s driving me crazy

It might be the payload you hosted on imp*** smb server. I seems to have the same issue which you encounter but it seems to be fixed when i change the payload. The AV seems to block certain payloads which make it like it is not downloading any files from smb

Type your comment> @halfluke said:

Type your comment> @kkaz said:

root is giving me real pain. When i run d***md command it does not contact my smbserver do not know why but stuck here. help will be appreciated.

Edit: Never mind got root i was doing a critical mistake, thanks goes to @g3of0xx @inertia @rholas

same here, I can connect to the share with dir command but not with the command we need… wtf is my critical mistake?

dm me if still stuck

no, I’m an idiot, I expected to see a connection before restarting the service and as I didn’t see any connection, I never restarted the service…