Control

I am at a point where I think I need to upgrade something that allows files to be written. Am I on the right track?

Just completed machine. I did user a few weeks ago, but root was kind of postponed till today. Before starting root part I read forum very carefully, cause I knew that it would be something tricky (taking first root blood took quite some time).
Machine is very nice. User quite easy, but root brought something really new for me. I will not add more hints, cause there are enough here already, just wanted to say well done author!

can I have a hint for root?

Hey Guys I am stuck for initial shell. Got Credential but cannot find a way to use it. Can anyone help me out :slight_smile:
nvm: got user → he*** shell on the way to root :frowning:

Just got user!
Except for one small thing that I didn’t know, it was pretty straightforward.

Now onto root.
Edit: Got root. Pretty hard box…
Thanks to @rholas and @v01t4ic for helping me with this one.

finally I got it thanks rholas and clubby789 for hint

Guys, pls share some hints for root flag, after weeks of hard-work i got user shell.

edit: got user flag :slight_smile:

Can someone provide a hint on user? Currently stuck on the Access Denied message.

Never mind, I got it.

Thanks!

Can anyone PM hints on root? I’m looking at the PS history and not sure what to do with it. I have a vague idea of services and permissions, but nothing concrete.

Got root. PM if you need help.

Got past the first step, learned some cool techniques. Fun box thus far! Struggling to get user, I feel like I know what direction I need to go but could use a little nudge and maybe some sleep lol.
EDIT: User took me 4 days. On to root.

Any suggestions on exploiting the access the user has? I know in general what to modify, but not which of the many things I have access to, or how to “activate” it or kick off the changes.
Thanks!

Stuck on root. I don’t know how to restart what I need to execute what I want. Seems nothing can be restarted. Any hints?

Finally got root, but more through trial and error than anything else. Could anyone else PM their enumeration process for the vulnerable service? Not sure if there’s a systematic way people are finding it or just luck/bruteforce.

@ssklash said:

Finally got root, but more through trial and error than anything else. Could anyone else PM their enumeration process for the vulnerable service? Not sure if there’s a systematic way people are finding it or just luck/bruteforce.

Me too. Although I can write a pseudo script which can find that service, and I have found the instructions which are needed for the implementation, but I have no practice in Powershell.

The privilege escalation phase (including discovery) is superb. Thanks @TRX.

Can someone pls PM a nudge on initial foothold? Just have the wfuzz found php files, I believe a***n is the way to go but I can’t wrap my mind around it

@seke said:

Can someone pls PM a nudge on initial foothold? Just have the wfuzz found php files, I believe a***n is the way to go but I can’t wrap my mind around it

As usual enumeration is the key factor. There is information a little hidden, and another which sticks out a mile. You should join them.

Alright y’all, I’m a bit stuck on root. I have found C******_h******.txt with some old ps commands which I re-ran to see what it reveals. I can’t seem to find any info on how to manipulate the registry in a way that benefits me. hklm:\s*****\c****************\control seems interesting but still unsure what to do here. Never used the reg like this. Can someone drop me a PM?

For those who will ask me about user/initial foothold, just do a lot of my*** research and how to write to files. LMK if there is too much info disclosed in this comment plz. THX

Need help with root too, I have H***** but cannot figure out what to do next. Please PM.