Resolute

Grabbed the user flag from User1. Is User2 required for getting root? Spent some time looking around, but haven’t found the interesting files yet to make the move. If anyone wants to give me nudge towards User2 creds I would appreciate it.

Well, I finally figured out the problem. It was the equivalent of messing around with routing tables for hours and then deciding to see if the cables are plugged in. For those that may be having issues with the listener and you are using some blog posts to help with the payload, be careful with the share names. :slight_smile:

It may look like your payload has worked but it might be a blank payload. Feel free to PM me if I might be able to help

@VbScrub and @AzAxIaL , Thank you for your contributions to the thread. Helped me out.
Rooted.
I happened to go through the hard way of writing d** from msi* and using im******'s sbe****.py. If anyone used the easy tool me******t, please DM me
Initial: Find what services are running, figure out how to talk with them and see if they store any goodies
User1: I used CME for this but it doesn’t look like anyone else has, but draw basic lines between users and security
User2: Dig under ground, find some fat fingers
Root: understand your new role and all the power it provides. Then the ol google for how to advance that role.

DM me if nudges

Random Tips:

User 1: you got a lot from enum. Read slowly. If you got something, try to make it work with something else.

User 2: search for something that…hides. Under your nose.

Root: easier than you actually think. Don’t need to upload any files. Am**e is enough.

@scaffolds said:
Grabbed the user flag from User1. Is User2 required for getting root? Spent some time looking around, but haven’t found the interesting files yet to make the move. If anyone wants to give me nudge towards User2 creds I would appreciate it.

User 2 is the way for the top.

Start from the beginning: try to see further.

Thanks for the tips @Pierl666 , between those and the nudge form @alha1134 I was able to finally get into User2.

Was definitely overthinking the process and ultimately just didn’t enumerate well enough initially.

if anyone could give me some confirmation i am heading the right way for root here, please pm me! … thank you

Giz

I am really confused I got the creds, which work great, but I am unsuccessful in getting a shell. Any tips are greatly appreciated.

@linkerslv Did you try something evil with those creds??

anybody willing to dm me to look at my poc for root privesc on resolute? banging my head all day and i’m pretty certain i have the steps. i’ve tested my payload on a separate machine and it works, but i can’t get it to call back on the box

Hmm, failing at last hurdle, anyone about who could give me a PM to check a few things please? :slight_smile: thanks in advance

Thanks! nice machine! learned some new stuff!

Rooted !

Very cool box, PM if needed ! :slight_smile:

Anyone on willing to help with root? I have the second user. From the forum, it sounds like D** inj is the way forward. I have 0 exp with this. Studying now, but could use some guidance if you’re willing. thank you.

what the ■■■■■■ ■■■■ is going on with this root bit?.. I have tried all sorts of different ways to get the dll to restart but no call back, its driving me crazy!!!

EDIT - debugged and go it working…

C:\Users\Administrator\Desktop>whoami
whoami
nt authority\system

thank god for that ! i can sleep now!

■■■■, that was a great box. Felt very close to a real world scenario which was nice.

Any hints previously given are pretty on point so I’ve got nothing to add more there.

■■■■ yea!

 Directory of C:\Users\Administrator\Desktop

12/04/2019  05:18 AM    <DIR>          .
12/04/2019  05:18 AM    <DIR>          ..
12/03/2019  07:32 AM                32 root.txt
               1 File(s)             32 bytes
               2 Dir(s)  30,961,541,120 bytes free

thank you @disastrpc …that switch stopped me from jumping out a window. couldn’t get why it would not call back. also thank you @beorn and @menorevs . first time in this area, i appreciate the nudge.

Hey,

Is there someone who wants to take me along in the process of private esc for this box (and probably for another)

I have a low priv shell like m …

Now I have tried everything, read this thread twice already and I am getting more and more confused.

Suggestion 1: refers to a specific group of which we are a member. This could be exploited without file uploads.

  1. Suggestion 2 refers to a certain attack technique. Now I think I understand that technique in theory, but it is completely unclear to me how I choose the right + the corresponding process.

Many techniques are new to me, many have been reading, so meanwhile an overload of info. No longer actually see the trees through the forest.

I hope that someone can and will help me.

Rooted, pm for nudges

Can somebody pleaseee PM me to discuss root!?!? I’ll tell you what i’ve been trying but cannot get it to work.
RESPECT will be given.