Sniper

Hi everyone, i’d really appreciate some tip on escalating from i*** to c****
got creds to db and from db but those don’t seem to work anywhere. Already tried most of the techniques for privesc on win but nothing. There is also this “tip” from the file with db creds about user access on localhost but this doesn’t seem to work either…

I’m stuck with this one so if someone has some better tip than those that are already on the forum i would be thankful.

Any help appreciated. PM me

Possibly the most fun windows box and I learned about a new tool. Lots of googling was involved though.

It was a steep powershell learning curve though.

@michiPwn said:
Hi everyone, i’d really appreciate some tip on escalating from i*** to c****
got creds to db and from db but those don’t seem to work anywhere. Already tried most of the techniques for privesc on win but nothing. There is also this “tip” from the file with db creds about user access on localhost but this doesn’t seem to work either…

Its difficult to hint this. You want to check for credential reuse but you cant do it in an easy manner.

Think about Windows’ built in admin tools and how you can use that to create an object which allows you to invoke commands as someone else.

Finally rooted! Thanks @TazWake for the nudge on root. I was about to rage quit but I am glad I stuck it out. What a great box! I learned so much. :slight_smile:

Rooted! what a journey… Really cool box.

inital: you can go further than you can
user: the information needed is provided to you
root: ■■■■■■ ■■■■ - think about the given scenario

I have the user flag.
I am having issues trying to get root.
I have tried a lot of different things in regards to the old file.
Can anyone provide any assistance?

Totally stuck on the way i could use creds, I tried this ps commands without luck

In****-Com****
St***-Pro****

Finally rooted, had a lot of fun.

User: Look at what you can do once you find your vectors, hints in the forum would be enough.

Root: What you found it a hint, read the boss gives a hint, and google would help you to understand how to use that vector.

Messages for hints if needed.

Great machine!

Can i please get a hand to go from From user i*** to c****
I have some creds for the DB and from the DB for s******** but i can not find a combination that works to elevate within PS i’m pretty sure i know the syntax but no creds work.
Thanks

Edit:
Nevermind i see where i went wrong

Finally made it to the end… too baffled and too disoriented to know how. I just know, I could not have done it without the help of @Chr0x6eOs and @pramos.

Once I recover I will give a hint or two…

Thanks for an amazing machine!!!

After an ungodly amount of hours trying to get root and not understanding why it wasn’t working, I was finally able to learn what my problem was due to the help of @rholas . Much thanks for your insight!!

For everyone else, make certain that you pay close attention to your code and syntax and don’t make a stupid mistake like I did. Not paying close attention to your code and what you intended can make the difference between an easy escalation and a weekend of your life gone.

If anyone is willing to PM for a discussion on how to switch users, i would really welcome it. Have not been able to get the commands to work, and i want to make sure im on the right path

Edit: Nvm, got it, just needed to try harder lol

i need help with the initial foothold. any nudges would be appreciated! PM me for details… <3

Ignore me, im making progress now…

I’m stuck on root privilege escalation. I think I discovered the way ( malicious c**) but doesn’t work.
Any nudges would be appreciated PM me.

Update:
Finally I get the root. Wooohooo!!

For me work create the malicious file by hand.

Really good box, very realistic.

Hint initial shell: If you find a vulnerability, but you can’t seem to exploit it, see how to do it on a Windows machine.
Hint user.txt: Enumerate and you will find creds, use those with the powerful seashell to get a shell.
Hint root.txt: Enumerate again, you will find some documentation file. Search this for vulnerabilities. Also do what the “CEO” tells you to do and you will get your reverse shell as administrator.

Looking for tips on migrating from i** to c****. Anyone up?

Of course, just as you post you get it :wink:

[Update] Got admin! I spent so much time only to find our my windows powershell script to serve files on my dev box was corrupting my file when I would download it…doh!

Type your comment> @gr1mland said:

Looking for tips on migrating from i** to c****. Anyone up?

Of course, just as you post you get it :wink:

Did you watch Ippsec video about Arkham?

would appreciate nudges on migration i** → C***. Have some creds and working ps but cannot get right commands.

please PM me.

Can I get a hint as to where I might be able to upload something as the first user? Even a one-liner that finds places a user can write would be great. Thanks in advance!

Update: nevermind, I found something :slight_smile: