Hi everyone, i’d really appreciate some tip on escalating from i*** to c****
got creds to db and from db but those don’t seem to work anywhere. Already tried most of the techniques for privesc on win but nothing. There is also this “tip” from the file with db creds about user access on localhost but this doesn’t seem to work either…
I’m stuck with this one so if someone has some better tip than those that are already on the forum i would be thankful.
@michiPwn said:
Hi everyone, i’d really appreciate some tip on escalating from i*** to c****
got creds to db and from db but those don’t seem to work anywhere. Already tried most of the techniques for privesc on win but nothing. There is also this “tip” from the file with db creds about user access on localhost but this doesn’t seem to work either…
Its difficult to hint this. You want to check for credential reuse but you cant do it in an easy manner.
Think about Windows’ built in admin tools and how you can use that to create an object which allows you to invoke commands as someone else.
I have the user flag.
I am having issues trying to get root.
I have tried a lot of different things in regards to the old file.
Can anyone provide any assistance?
Can i please get a hand to go from From user i*** to c****
I have some creds for the DB and from the DB for s******** but i can not find a combination that works to elevate within PS i’m pretty sure i know the syntax but no creds work.
Thanks
Finally made it to the end… too baffled and too disoriented to know how. I just know, I could not have done it without the help of @Chr0x6eOs and @pramos.
After an ungodly amount of hours trying to get root and not understanding why it wasn’t working, I was finally able to learn what my problem was due to the help of @rholas . Much thanks for your insight!!
For everyone else, make certain that you pay close attention to your code and syntax and don’t make a stupid mistake like I did. Not paying close attention to your code and what you intended can make the difference between an easy escalation and a weekend of your life gone.
If anyone is willing to PM for a discussion on how to switch users, i would really welcome it. Have not been able to get the commands to work, and i want to make sure im on the right path
Hint initial shell: If you find a vulnerability, but you can’t seem to exploit it, see how to do it on a Windows machine.
Hint user.txt: Enumerate and you will find creds, use those with the powerful seashell to get a shell.
Hint root.txt: Enumerate again, you will find some documentation file. Search this for vulnerabilities. Also do what the “CEO” tells you to do and you will get your reverse shell as administrator.
Looking for tips on migrating from i** to c****. Anyone up?
Of course, just as you post you get it
[Update] Got admin! I spent so much time only to find our my windows powershell script to serve files on my dev box was corrupting my file when I would download it…doh!
Can I get a hint as to where I might be able to upload something as the first user? Even a one-liner that finds places a user can write would be great. Thanks in advance!