Monteverde

Spoiler Removed

Spoiler Removed

Spoiler Removed

Hi ,

I found username and pass word with cme , but i couldn executre command on the system with this password using cme and e***-***rm , any hits please…

best wishes

So trying to get a certain exploit working via the evil but not sure what I should edit… atm when I run it literally nothing happens, or rather nothing is returned…

Please PM me if you can help, and if you found another way to root, please point me in that direction.

Thanks,

Type your comment> @n3m3n said:

Hi ,

I found username and pass word with cme , but i couldn executre command on the system with this password using cme and e***-***rm , any hits please…

best wishes

I think you may have just a bit more enumeration to do. Try enumerating a very common service with what you have found.

i got user!!!
only basic tools.
enum…

Got user it was easy but frustrating for me
Hints;
Basic enum and you have list of users just remember the lazy admin here who does not care about passwords at all
then do more general enum and you should have some thing that could go along with evil

Fun box! Learned quite a bit as well. Thanks @egre55

got user, on to root

oups

Type your comment> @gverre said:

oups

nope i still have errors :smiley:

I just finished the machine.
All in all it was a good and fun machine. Thanks to the creator :slight_smile:

I hope this is ok to leave here as someone may find it useful GitHub - tobor88/ReversePowerShell: Functions that can be used to gain Reverse Shells with PowerShell

Just got user :slight_smile:

No word lists or brute forcing etc required as others have said, but you won’t just find it written down somewhere.

If you want to narrow down the usernames you should be trying obvious passwords with, you could try looking at which users have actually ever logged on. There’s an attribute on user accounts that tells you the date/time a user last logged on. Integrate that into your base L*** query and it narrows it down to just 3 user accounts.

One final tip: I actually guessed the right password straight away, but was just trying to log in to the wrong service/port. So yeah, remember there are other things to try credentials against.

User and root owned

found the password as the first guessing step…used smbclient for enumerate…
for them who s(t)ucked - copypaste)

I hate that this is purely a guessing game. I have tried all the realistic bad passwords I can think of. I feel as though it should be disclosed somewhere or have a technical means of finding it…

yes I’m just frustrated… Also VbScrub gave a good tip to reduce time… but I’m still stuck on “guessing” a password.

EDIT: GOT User… always check syntax!!! Thank you to those that assisted kicking me in my brain!

Stuck on the guessing game with the 2 services :smiley: a nudge would be appreciated.

Spoiler Removed