After getting root today thanks to @TazWake and @VbScrub, now my review for this box.
the first step was also the most frustrating, but mostly because I just couldn’t believe that I din’t try that earlier …
User: the 2nd creds and user are pretty straight forward. You even get a hint, what will be waiting for you during your search for root.
Root: involved a lot of enumeration and searching for me. And when I finnally found the right thing I still struggled … but in the end I got root
LIES I TELL YOU !!! LOL :: User: the 2nd creds and user are pretty straight forward
I have enumerated LP // I have list of users // I have used RC***** and scrapped all there is. Please assist.
Rooted
For root you don’t need to edit anything the file you find can do the job.
The most important thing is how to use the script. Once you know that root is pretty simple.
Feel free to PM if you need help
HELP
I have enumerated LP // I have list of users // I have used RC***** and scrapped all there is. Please assist.
I hate that this is purely a guessing game. I have tried all the realistic bad passwords I can think of. I feel as though it should be disclosed somewhere or have a technical means of finding it…
yes I’m just frustrated… Also VbScrub gave a good tip to reduce time… but I’m still stuck on “guessing” a password.
EDIT: GOT User… always check syntax!!! Thank you to those that assisted kicking me in my brain!
Interesting machine, learned a couple more useful tools. Thanks to those of you who posted hints, including @th3y , @VbScrub, @TazWake .
User is easy, but not always so easy to guess…really dumb and lazy, as they say.
Root is like @plackyhacker said, doesn’t require any modification to script, whatsoever. I had to place two files on the machine, an .exe and a .dll. It ran quickly and perfectly. The script started out as a Python version, and then someone turned it into another version.
Thanks @egre55 , for the machine. This was my fifth…
i have use enum4linux to brute username,but there is error,this is why?
[E] Server doesn’t allow session using username ‘’, password ‘’. Aborting remainder of tests.
i have use enum4linux to brute username,but there is error,this is why?
[E] Server doesn’t allow session using username ‘’, password ‘’. Aborting remainder of tests.
Try a different tool.
The problem with “enum” type scripts is that they run a lot of things and if you dont fully understand what they are doing, the output can be a bit confusing/overwhelming/misleading.
For example, I have zero idea why this response would happen, but it does imply it isn’t the best tool for this job.
I’m tearing my hair out with this easy to guess/lazy password. I’ve enumerated the list of user names but despite looping them through what feels like every obvious password I can think of, I’ve had no joy. Based on output from early enumeration, I been poking at S**. Is that where I’ve gone wrong?
I’m tearing my hair out with this easy to guess/lazy password. I’ve enumerated the list of user names but despite looping them through what feels like every obvious password I can think of, I’ve had no joy. Based on output from early enumeration, I been poking at S**. Is that where I’ve gone wrong?
You approach is correct. Take all the information you have right now - domains, obvious passwords, guesses, accounts, etc., and use that as the password list to try.
When you get it, you will realise you currently have the password.
I’ve tried so many users and passwords on this ■■■■■. Figures that the one account I got MSF to come up with the right ‘password’ was disabled. ■■■■ it all. I’ve been using all the four to six users that come up in the scans, all the ‘typical’ users you might see, and so many passwords variations, blanks, everything… Can it really be that obvious?
Annoyingly it really is that obvious when you find it.
All I can say is you might want to use CME rather than MSF and if you make a list of all the user accounts you can find and all the information you can find (domain names, profiles, usernames, timestamps, anything), you get it quite quickly.
The reality is if you’ve enumerated, you’ve seen the password.
I have enumerated all 10 users. I’m not seeing it. Please DM me some direction.
Hello everybody
can anyone hint me please with user, i found 2nd user creds and enumerate all in S****L directory but cant find way to get user.txt
cant undestand where i wrong
If you’ve connected as the second user, have you looked at their desktop?
i connect by s***t and cant find Desktop on u$ (
How did you connect? please DM me a cookie crumb. TY
■■■■, that root part got me fiddling with the code for hours. After reading enough articles, I realized that you don’t need to mess with the code. You just have to know how to execute the code and how it works!
Definitely expanded my knowledge with A**** and how vulnerable it is once the account has been compromised.
Hints:
USER - think how sysadmins create a new account in a lazy way. Now use that cred somewhere. Look for creds again. Use that creds somewhere.
ROOT - Once you found who you are. Google is your friend. There’s a lot of POC in the wild. Do a lot of research.