after a about a year away, i realize i have forgot so much! could anyone give me nudge in the right direction. I have got user creds but am stumped now… thank you in advance …
Edit: Got user, I was transposing the password wrong…doh…
Now stuck, trying to upload a enum script but antivirus is catching it…grrrr
I think I already have all the things I can have except the root in this box.
I got two users, I find the two groups that my R user belongs too.
One group with many ppl, one group only have R.
After I read all the hints, I still have no idea about the next step.
Tried to google with the Win version, with the groups and the privilege of R, no luck.
At this moment, I see no hope to get it through.
Could use a nudge can’t figure out how to get past me user. Have seen others saying to enumerate but ive tried a bunch of different things and still havent found anything useful. Trying to list running services as other seem to have offered that as advice. But it doesn’t appear me has the ability to do that. Would appreciate a nudge.
Would someone be able to point me in the right direction for the manual way of exploiting? I using r*** to request a file from my SS*** but no matter what I try it does not want to take it. Any help would be greatly appreciated!
Finally rooted! Patience is key for this one! Thank you @egre55 , this was a pretty cool box and not too hard (for those of us that suck at windows anyway)! Feel free to DM for help!
Thanks for the tips here, everyone, like @kkaz and @WiseGuy
This was my 3d machine, first Windows.
For User, thanks to those who mentioned at E… W…M. Great tool, first time I’ve seen it.
For Root, lots of people trying different methods other than MSF modules. Curious how the other methods work, but I never ended up having to use anything else. Used Im…t, but did me no good. Tried so many modules w/ ‘2nd user’ creds, and after seeing so many posts that one would work…finally found it
Ok, I have been trying very hard NOT to have to post. I thought with 17 pages worth of super helpful comments, I would be able to figure this out, but I am just stuck.
I am trying to get root.
-Have evil
-venomd a Dll
-can copy dll from smb (packet)
Not throwing the shell back to my NC
What am I doing wrong… I have been breaking my head over this.
I see a lot of people saying this is easier by using a module, but have no idea which one… I have tried a couple.
Please someone throw me a line and get me pointed back in the right direction.
Ok, I have been trying very hard NOT to have to post. I thought with 17 pages worth of super helpful comments, I would be able to figure this out, but I am just stuck.
Its ok - we all get stuck, the better you can explain the question, the better chance of an answer
I apologize for not asking a more clear question haha
I guess I am trying to figure out now if the dll crafted from msfvenom is sufficient or if I need to look into creating my own…
I will try to run the packet capture to see what is going on
I thought because I could copy the dll from the Share to the user’s desktop, that everything was working, but when I run the dns tool, I am not seeing the connection in my smb server.
@H31D1 just running the d**c** command won’t do anything instantly. The DLL only gets loaded when the D** service restarts. Also be aware that if anyone else runs that command in between you doing it and restarting the service, it’ll overwrite your DLL path with theirs and so you won’t get any results. Quite an annoying “feature” on a box that has multiple people attacking it at once
@VbScrub I saw that happening a few times… at one point today it was a fight to keep my dll in there, so instead of holding up someone else’s progress I took a break haha.
@6a6d6c has given me some material to research that might be my solution need to rethink my dll …hopefully can root this soon.